void disassembler::Jd(const x86_insn *insn)
{
Bit32s imm32 = (Bit32s) fetch_dword();
if (insn->is_64) {
Bit64u imm64 = (Bit32s) imm32;
if (offset_mode_hex) {
dis_sprintf(".+0x%08x%08x", GET32H(imm64), GET32L(imm64));
}
else {
dis_sprintf(".%+d", (int) imm32);
}
if (db_cs_base != BX_JUMP_TARGET_NOT_REQ) {
Bit64u target = db_cs_base + db_eip + (Bit64s) imm64;
dis_sprintf(" (0x%08x%08x)", GET32H(target), GET32L(target));
}
return;
}
if (offset_mode_hex) {
dis_sprintf(".+0x%08x", (unsigned) imm32);
}
else {
dis_sprintf(".%+d", (int) imm32);
}
if (db_cs_base != BX_JUMP_TARGET_NOT_REQ) {
Bit32u target = (Bit32u)(db_cs_base + db_eip + (Bit32s) imm32);
dis_sprintf(" (0x%08x)", target);
}
}
// jump offset
void disassembler::Jb(const x86_insn *insn)
{
Bit8s imm8 = (Bit8s) fetch_byte();
if (insn->is_64) {
Bit64u imm64 = (Bit8s) imm8;
if (offset_mode_hex) {
dis_sprintf(".+0x%08x%08x", GET32H(imm64), GET32L(imm64));
}
else {
dis_sprintf(".%+d", (int) imm8);
}
if (db_cs_base != BX_JUMP_TARGET_NOT_REQ) {
Bit64u target = db_eip + imm64;
target += db_cs_base;
dis_sprintf(" (0x%08x%08x)", GET32H(target), GET32L(target));
}
return;
}
if (insn->os_32) {
Bit32u imm32 = (Bit8s) imm8;
if (offset_mode_hex) {
dis_sprintf(".+0x%08x", (unsigned) imm32);
}
else {
dis_sprintf(".%+d", (int) imm8);
}
if (db_cs_base != BX_JUMP_TARGET_NOT_REQ) {
Bit32u target = (Bit32u)(db_cs_base + db_eip + (Bit32s) imm32);
dis_sprintf(" (0x%08x)", target);
}
}
else {
Bit16u imm16 = (Bit8s) imm8;
if (offset_mode_hex) {
dis_sprintf(".+0x%04x", (unsigned) imm16);
}
else {
dis_sprintf(".%+d", (int) imm8);
}
if (db_cs_base != BX_JUMP_TARGET_NOT_REQ) {
Bit16u target = (Bit16u)((db_eip + (Bit16s) imm16) & 0xffff);
dis_sprintf(" (0x%08x)", target + db_cs_base);
}
}
}
void disassembler::Iq(const x86_insn *insn)
{
Bit64u value = fetch_qword();
if (! intel_mode) dis_putc('$');
dis_sprintf("0x%08x%08x", GET32H(value), GET32L(value));
}
// direct memory access
void disassembler::OP_O(const x86_insn *insn, unsigned size)
{
const char *seg;
if (insn->is_seg_override())
seg = segment_name[insn->seg_override];
else
seg = segment_name[DS_REG];
print_datasize(size);
if (insn->as_64) {
Bit64u imm64 = fetch_qword();
dis_sprintf("%s:0x%08x%08x", seg, GET32H(imm64), GET32L(imm64));
}
else if (insn->as_32) {
Bit32u imm32 = fetch_dword();
dis_sprintf("%s:0x%08x", seg, (unsigned) imm32);
}
else {
Bit16u imm16 = fetch_word();
dis_sprintf("%s:0x%04x", seg, (unsigned) imm16);
}
}
// sign extended immediate
void disassembler::sIdq(const x86_insn *insn)
{
if (! intel_mode) dis_putc('$');
Bit64u imm64 = (Bit32s) fetch_dword();
dis_sprintf ("0x%08x%08x", GET32H(imm64), GET32L(imm64));
}
void BX_CPU_C::long_mode_int(Bit8u vector, unsigned soft_int, bx_bool push_error, Bit16u error_code)
{
bx_descriptor_t gate_descriptor, cs_descriptor;
bx_selector_t cs_selector;
// interrupt vector must be within IDT table limits,
// else #GP(vector*8 + 2 + EXT)
if ((vector*16 + 15) > BX_CPU_THIS_PTR idtr.limit) {
BX_ERROR(("interrupt(long mode): vector must be within IDT table limits, IDT.limit = 0x%x", BX_CPU_THIS_PTR idtr.limit));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
Bit64u desctmp1 = system_read_qword(BX_CPU_THIS_PTR idtr.base + vector*16);
Bit64u desctmp2 = system_read_qword(BX_CPU_THIS_PTR idtr.base + vector*16 + 8);
if (desctmp2 & BX_CONST64(0x00001F0000000000)) {
BX_ERROR(("interrupt(long mode): IDT entry extended attributes DWORD4 TYPE != 0"));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
Bit32u dword1 = GET32L(desctmp1);
Bit32u dword2 = GET32H(desctmp1);
Bit32u dword3 = GET32L(desctmp2);
parse_descriptor(dword1, dword2, &gate_descriptor);
if ((gate_descriptor.valid==0) || gate_descriptor.segment)
{
BX_ERROR(("interrupt(long mode): gate descriptor is not valid sys seg"));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// descriptor AR byte must indicate interrupt gate, trap gate,
// or task gate, else #GP(vector*8 + 2 + EXT)
if (gate_descriptor.type != BX_386_INTERRUPT_GATE &&
gate_descriptor.type != BX_386_TRAP_GATE)
{
BX_ERROR(("interrupt(long mode): unsupported gate type %u",
(unsigned) gate_descriptor.type));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// if software interrupt, then gate descripor DPL must be >= CPL,
// else #GP(vector * 8 + 2 + EXT)
if (soft_int && gate_descriptor.dpl < CPL)
{
BX_ERROR(("interrupt(long mode): soft_int && gate.dpl < CPL"));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// Gate must be present, else #NP(vector * 8 + 2 + EXT)
if (! IS_PRESENT(gate_descriptor)) {
BX_ERROR(("interrupt(long mode): gate.p == 0"));
exception(BX_NP_EXCEPTION, vector*8 + 2);
}
Bit16u gate_dest_selector = gate_descriptor.u.gate.dest_selector;
Bit64u gate_dest_offset = ((Bit64u)dword3 << 32) |
gate_descriptor.u.gate.dest_offset;
unsigned ist = gate_descriptor.u.gate.param_count & 0x7;
// examine CS selector and descriptor given in gate descriptor
// selector must be non-null else #GP(EXT)
if ((gate_dest_selector & 0xfffc) == 0) {
BX_ERROR(("int_trap_gate(long mode): selector null"));
exception(BX_GP_EXCEPTION, 0);
}
parse_selector(gate_dest_selector, &cs_selector);
// selector must be within its descriptor table limits
// else #GP(selector+EXT)
fetch_raw_descriptor(&cs_selector, &dword1, &dword2, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &cs_descriptor);
// descriptor AR byte must indicate code seg
// and code segment descriptor DPL<=CPL, else #GP(selector+EXT)
if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
IS_DATA_SEGMENT(cs_descriptor.type) ||
cs_descriptor.dpl > CPL)
{
BX_ERROR(("interrupt(long mode): not accessible or not code segment"));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
// check that it's a 64 bit segment
if (! IS_LONG64_SEGMENT(cs_descriptor) || cs_descriptor.u.segment.d_b)
{
BX_ERROR(("interrupt(long mode): must be 64 bit segment"));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
// segment must be present, else #NP(selector + EXT)
if (! IS_PRESENT(cs_descriptor)) {
BX_ERROR(("interrupt(long mode): segment not present"));
exception(BX_NP_EXCEPTION, cs_selector.value & 0xfffc);
}
Bit64u RSP_for_cpl_x;
Bit64u old_CS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value;
Bit64u old_RIP = RIP;
Bit64u old_SS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value;
Bit64u old_RSP = RSP;
// if code segment is non-conforming and DPL < CPL then
// INTERRUPT TO INNER PRIVILEGE:
if (IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) && cs_descriptor.dpl < CPL)
{
BX_DEBUG(("interrupt(long mode): INTERRUPT TO INNER PRIVILEGE"));
// check selector and descriptor for new stack in current TSS
if (ist > 0) {
BX_DEBUG(("interrupt(long mode): trap to IST, vector = %d", ist));
RSP_for_cpl_x = get_RSP_from_TSS(ist+3);
}
else {
RSP_for_cpl_x = get_RSP_from_TSS(cs_descriptor.dpl);
}
// align stack
RSP_for_cpl_x &= BX_CONST64(0xfffffffffffffff0);
// push old stack long pointer onto new stack
write_new_stack_qword_64(RSP_for_cpl_x - 8, cs_descriptor.dpl, old_SS);
write_new_stack_qword_64(RSP_for_cpl_x - 16, cs_descriptor.dpl, old_RSP);
write_new_stack_qword_64(RSP_for_cpl_x - 24, cs_descriptor.dpl, read_eflags());
// push long pointer to return address onto new stack
write_new_stack_qword_64(RSP_for_cpl_x - 32, cs_descriptor.dpl, old_CS);
write_new_stack_qword_64(RSP_for_cpl_x - 40, cs_descriptor.dpl, old_RIP);
RSP_for_cpl_x -= 40;
if (push_error) {
RSP_for_cpl_x -= 8;
write_new_stack_qword_64(RSP_for_cpl_x, cs_descriptor.dpl, error_code);
}
// load CS:RIP (guaranteed to be in 64 bit mode)
branch_far64(&cs_selector, &cs_descriptor, gate_dest_offset, cs_descriptor.dpl);
// set up null SS descriptor
load_null_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS], cs_descriptor.dpl);
}
else if(IS_CODE_SEGMENT_CONFORMING(cs_descriptor.type) || cs_descriptor.dpl==CPL)
{
// if code segment is conforming OR code segment DPL = CPL then
// INTERRUPT TO SAME PRIVILEGE LEVEL:
BX_DEBUG(("interrupt(long mode): INTERRUPT TO SAME PRIVILEGE"));
// check selector and descriptor for new stack in current TSS
if (ist > 0) {
BX_DEBUG(("interrupt(long mode): trap to IST, vector = %d", ist));
RSP_for_cpl_x = get_RSP_from_TSS(ist+3);
}
else {
RSP_for_cpl_x = RSP;
}
// align stack
RSP_for_cpl_x &= BX_CONST64(0xfffffffffffffff0);
// push flags onto stack
// push current CS selector onto stack
// push return offset onto stack
write_new_stack_qword_64(RSP_for_cpl_x - 8, cs_descriptor.dpl, old_SS);
write_new_stack_qword_64(RSP_for_cpl_x - 16, cs_descriptor.dpl, old_RSP);
write_new_stack_qword_64(RSP_for_cpl_x - 24, cs_descriptor.dpl, read_eflags());
// push long pointer to return address onto new stack
write_new_stack_qword_64(RSP_for_cpl_x - 32, cs_descriptor.dpl, old_CS);
write_new_stack_qword_64(RSP_for_cpl_x - 40, cs_descriptor.dpl, old_RIP);
RSP_for_cpl_x -= 40;
if (push_error) {
RSP_for_cpl_x -= 8;
write_new_stack_qword_64(RSP_for_cpl_x, cs_descriptor.dpl, error_code);
}
// set the RPL field of CS to CPL
branch_far64(&cs_selector, &cs_descriptor, gate_dest_offset, CPL);
}
else {
BX_ERROR(("interrupt(long mode): bad descriptor type %u (CS.DPL=%u CPL=%u)",
(unsigned) cs_descriptor.type, (unsigned) cs_descriptor.dpl, (unsigned) CPL));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
RSP = RSP_for_cpl_x;
// if interrupt gate then set IF to 0
if (!(gate_descriptor.type & 1)) // even is int-gate
BX_CPU_THIS_PTR clear_IF();
BX_CPU_THIS_PTR clear_TF();
//BX_CPU_THIS_PTR clear_VM(); // VM is clear in long mode
BX_CPU_THIS_PTR clear_RF();
BX_CPU_THIS_PTR clear_NT();
}
void BX_CPU_C::protected_mode_int(Bit8u vector, unsigned soft_int, bx_bool push_error, Bit16u error_code)
{
bx_descriptor_t gate_descriptor, cs_descriptor;
bx_selector_t cs_selector;
Bit16u raw_tss_selector;
bx_selector_t tss_selector;
bx_descriptor_t tss_descriptor;
Bit16u gate_dest_selector;
Bit32u gate_dest_offset;
// interrupt vector must be within IDT table limits,
// else #GP(vector*8 + 2 + EXT)
if ((vector*8 + 7) > BX_CPU_THIS_PTR idtr.limit) {
BX_ERROR(("interrupt(): vector must be within IDT table limits, IDT.limit = 0x%x", BX_CPU_THIS_PTR idtr.limit));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
Bit64u desctmp = system_read_qword(BX_CPU_THIS_PTR idtr.base + vector*8);
Bit32u dword1 = GET32L(desctmp);
Bit32u dword2 = GET32H(desctmp);
parse_descriptor(dword1, dword2, &gate_descriptor);
if ((gate_descriptor.valid==0) || gate_descriptor.segment) {
BX_ERROR(("interrupt(): gate descriptor is not valid sys seg (vector=0x%02x)", vector));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// descriptor AR byte must indicate interrupt gate, trap gate,
// or task gate, else #GP(vector*8 + 2 + EXT)
switch (gate_descriptor.type) {
case BX_TASK_GATE:
case BX_286_INTERRUPT_GATE:
case BX_286_TRAP_GATE:
case BX_386_INTERRUPT_GATE:
case BX_386_TRAP_GATE:
break;
default:
BX_ERROR(("interrupt(): gate.type(%u) != {5,6,7,14,15}",
(unsigned) gate_descriptor.type));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// if software interrupt, then gate descripor DPL must be >= CPL,
// else #GP(vector * 8 + 2 + EXT)
if (soft_int && gate_descriptor.dpl < CPL) {
BX_ERROR(("interrupt(): soft_int && (gate.dpl < CPL)"));
exception(BX_GP_EXCEPTION, vector*8 + 2);
}
// Gate must be present, else #NP(vector * 8 + 2 + EXT)
if (! IS_PRESENT(gate_descriptor)) {
BX_ERROR(("interrupt(): gate not present"));
exception(BX_NP_EXCEPTION, vector*8 + 2);
}
switch (gate_descriptor.type) {
case BX_TASK_GATE:
// examine selector to TSS, given in task gate descriptor
raw_tss_selector = gate_descriptor.u.taskgate.tss_selector;
parse_selector(raw_tss_selector, &tss_selector);
// must specify global in the local/global bit,
// else #GP(TSS selector)
if (tss_selector.ti) {
BX_ERROR(("interrupt(): tss_selector.ti=1 from gate descriptor - #GP(tss_selector)"));
exception(BX_GP_EXCEPTION, raw_tss_selector & 0xfffc);
}
// index must be within GDT limits, else #TS(TSS selector)
fetch_raw_descriptor(&tss_selector, &dword1, &dword2, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &tss_descriptor);
// AR byte must specify available TSS,
// else #GP(TSS selector)
if (tss_descriptor.valid==0 || tss_descriptor.segment) {
BX_ERROR(("interrupt(): TSS selector points to invalid or bad TSS - #GP(tss_selector)"));
exception(BX_GP_EXCEPTION, raw_tss_selector & 0xfffc);
}
if (tss_descriptor.type!=BX_SYS_SEGMENT_AVAIL_286_TSS &&
tss_descriptor.type!=BX_SYS_SEGMENT_AVAIL_386_TSS)
{
BX_ERROR(("interrupt(): TSS selector points to bad TSS - #GP(tss_selector)"));
exception(BX_GP_EXCEPTION, raw_tss_selector & 0xfffc);
}
// TSS must be present, else #NP(TSS selector)
if (! IS_PRESENT(tss_descriptor)) {
BX_ERROR(("interrupt(): TSS descriptor.p == 0"));
exception(BX_NP_EXCEPTION, raw_tss_selector & 0xfffc);
}
// switch tasks with nesting to TSS
task_switch(0, &tss_selector, &tss_descriptor,
BX_TASK_FROM_INT, dword1, dword2);
RSP_SPECULATIVE;
// if interrupt was caused by fault with error code
// stack limits must allow push of 2 more bytes, else #SS(0)
// push error code onto stack
if (push_error) {
if (tss_descriptor.type >= 9) // TSS386
push_32(error_code);
else
push_16(error_code);
}
// instruction pointer must be in CS limit, else #GP(0)
if (EIP > BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled) {
BX_ERROR(("interrupt(): EIP > CS.limit"));
exception(BX_GP_EXCEPTION, 0);
}
RSP_COMMIT;
return;
case BX_286_INTERRUPT_GATE:
case BX_286_TRAP_GATE:
case BX_386_INTERRUPT_GATE:
case BX_386_TRAP_GATE:
gate_dest_selector = gate_descriptor.u.gate.dest_selector;
gate_dest_offset = gate_descriptor.u.gate.dest_offset;
// examine CS selector and descriptor given in gate descriptor
// selector must be non-null else #GP(EXT)
if ((gate_dest_selector & 0xfffc) == 0) {
BX_ERROR(("int_trap_gate(): selector null"));
exception(BX_GP_EXCEPTION, 0);
}
parse_selector(gate_dest_selector, &cs_selector);
// selector must be within its descriptor table limits
// else #GP(selector+EXT)
fetch_raw_descriptor(&cs_selector, &dword1, &dword2, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &cs_descriptor);
// descriptor AR byte must indicate code seg
// and code segment descriptor DPL<=CPL, else #GP(selector+EXT)
if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
IS_DATA_SEGMENT(cs_descriptor.type) ||
cs_descriptor.dpl > CPL)
{
BX_ERROR(("interrupt(): not accessible or not code segment cs=0x%04x", cs_selector.value));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
// segment must be present, else #NP(selector + EXT)
if (! IS_PRESENT(cs_descriptor)) {
BX_ERROR(("interrupt(): segment not present"));
exception(BX_NP_EXCEPTION, cs_selector.value & 0xfffc);
}
// if code segment is non-conforming and DPL < CPL then
// INTERRUPT TO INNER PRIVILEGE
if(IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) && cs_descriptor.dpl < CPL)
{
Bit16u old_SS, old_CS, SS_for_cpl_x;
Bit32u ESP_for_cpl_x, old_EIP, old_ESP;
bx_descriptor_t ss_descriptor;
bx_selector_t ss_selector;
int is_v8086_mode = v8086_mode();
BX_DEBUG(("interrupt(): INTERRUPT TO INNER PRIVILEGE"));
// check selector and descriptor for new stack in current TSS
get_SS_ESP_from_TSS(cs_descriptor.dpl,
&SS_for_cpl_x, &ESP_for_cpl_x);
if (is_v8086_mode && cs_descriptor.dpl != 0) {
// if code segment DPL != 0 then #GP(new code segment selector)
BX_ERROR(("interrupt(): code segment DPL(%d) != 0 in v8086 mode", cs_descriptor.dpl));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
// Selector must be non-null else #TS(EXT)
if ((SS_for_cpl_x & 0xfffc) == 0) {
BX_ERROR(("interrupt(): SS selector null"));
exception(BX_TS_EXCEPTION, 0); /* TS(ext) */
}
// selector index must be within its descriptor table limits
// else #TS(SS selector + EXT)
parse_selector(SS_for_cpl_x, &ss_selector);
// fetch 2 dwords of descriptor; call handles out of limits checks
fetch_raw_descriptor(&ss_selector, &dword1, &dword2, BX_TS_EXCEPTION);
parse_descriptor(dword1, dword2, &ss_descriptor);
// selector rpl must = dpl of code segment,
// else #TS(SS selector + ext)
if (ss_selector.rpl != cs_descriptor.dpl) {
BX_ERROR(("interrupt(): SS.rpl != CS.dpl"));
exception(BX_TS_EXCEPTION, SS_for_cpl_x & 0xfffc);
}
// stack seg DPL must = DPL of code segment,
// else #TS(SS selector + ext)
if (ss_descriptor.dpl != cs_descriptor.dpl) {
BX_ERROR(("interrupt(): SS.dpl != CS.dpl"));
exception(BX_TS_EXCEPTION, SS_for_cpl_x & 0xfffc);
}
// descriptor must indicate writable data segment,
// else #TS(SS selector + EXT)
if (ss_descriptor.valid==0 || ss_descriptor.segment==0 ||
IS_CODE_SEGMENT(ss_descriptor.type) ||
!IS_DATA_SEGMENT_WRITEABLE(ss_descriptor.type))
{
BX_ERROR(("interrupt(): SS is not writable data segment"));
exception(BX_TS_EXCEPTION, SS_for_cpl_x & 0xfffc);
}
// seg must be present, else #SS(SS selector + ext)
if (! IS_PRESENT(ss_descriptor)) {
BX_ERROR(("interrupt(): SS not present"));
exception(BX_SS_EXCEPTION, SS_for_cpl_x & 0xfffc);
}
// IP must be within CS segment boundaries, else #GP(0)
if (gate_dest_offset > cs_descriptor.u.segment.limit_scaled) {
BX_ERROR(("interrupt(): gate EIP > CS.limit"));
exception(BX_GP_EXCEPTION, 0);
}
old_ESP = ESP;
old_SS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value;
old_EIP = EIP;
old_CS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value;
// Prepare new stack segment
bx_segment_reg_t new_stack;
new_stack.selector = ss_selector;
new_stack.cache = ss_descriptor;
new_stack.selector.rpl = cs_descriptor.dpl;
// add cpl to the selector value
new_stack.selector.value = (0xfffc & new_stack.selector.value) |
new_stack.selector.rpl;
if (ss_descriptor.u.segment.d_b) {
Bit32u temp_ESP = ESP_for_cpl_x;
if (is_v8086_mode)
{
if (gate_descriptor.type>=14) { // 386 int/trap gate
write_new_stack_dword_32(&new_stack, temp_ESP-4, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
write_new_stack_dword_32(&new_stack, temp_ESP-8, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
write_new_stack_dword_32(&new_stack, temp_ESP-12, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
write_new_stack_dword_32(&new_stack, temp_ESP-16, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
temp_ESP -= 16;
}
else {
write_new_stack_word_32(&new_stack, temp_ESP-2, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
write_new_stack_word_32(&new_stack, temp_ESP-4, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
write_new_stack_word_32(&new_stack, temp_ESP-6, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
write_new_stack_word_32(&new_stack, temp_ESP-8, cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
temp_ESP -= 8;
}
}
if (gate_descriptor.type>=14) { // 386 int/trap gate
// push long pointer to old stack onto new stack
write_new_stack_dword_32(&new_stack, temp_ESP-4, cs_descriptor.dpl, old_SS);
write_new_stack_dword_32(&new_stack, temp_ESP-8, cs_descriptor.dpl, old_ESP);
write_new_stack_dword_32(&new_stack, temp_ESP-12, cs_descriptor.dpl, read_eflags());
write_new_stack_dword_32(&new_stack, temp_ESP-16, cs_descriptor.dpl, old_CS);
write_new_stack_dword_32(&new_stack, temp_ESP-20, cs_descriptor.dpl, old_EIP);
temp_ESP -= 20;
if (push_error) {
temp_ESP -= 4;
write_new_stack_dword_32(&new_stack, temp_ESP, cs_descriptor.dpl, error_code);
}
}
else { // 286 int/trap gate
// push long pointer to old stack onto new stack
write_new_stack_word_32(&new_stack, temp_ESP-2, cs_descriptor.dpl, old_SS);
write_new_stack_word_32(&new_stack, temp_ESP-4, cs_descriptor.dpl, (Bit16u) old_ESP);
write_new_stack_word_32(&new_stack, temp_ESP-6, cs_descriptor.dpl, (Bit16u) read_eflags());
write_new_stack_word_32(&new_stack, temp_ESP-8, cs_descriptor.dpl, old_CS);
write_new_stack_word_32(&new_stack, temp_ESP-10, cs_descriptor.dpl, (Bit16u) old_EIP);
temp_ESP -= 10;
if (push_error) {
temp_ESP -= 2;
write_new_stack_word_32(&new_stack, temp_ESP, cs_descriptor.dpl, error_code);
}
}
ESP = temp_ESP;
}
else {
Bit16u temp_SP = (Bit16u) ESP_for_cpl_x;
if (is_v8086_mode)
{
if (gate_descriptor.type>=14) { // 386 int/trap gate
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-4), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-8), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-12), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-16), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
temp_SP -= 16;
}
else {
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-2), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-4), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-6), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-8), cs_descriptor.dpl,
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
temp_SP -= 8;
}
}
if (gate_descriptor.type>=14) { // 386 int/trap gate
// push long pointer to old stack onto new stack
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-4), cs_descriptor.dpl, old_SS);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-8), cs_descriptor.dpl, old_ESP);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-12), cs_descriptor.dpl, read_eflags());
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-16), cs_descriptor.dpl, old_CS);
write_new_stack_dword_32(&new_stack, (Bit16u)(temp_SP-20), cs_descriptor.dpl, old_EIP);
temp_SP -= 20;
if (push_error) {
temp_SP -= 4;
write_new_stack_dword_32(&new_stack, temp_SP, cs_descriptor.dpl, error_code);
}
}
else { // 286 int/trap gate
// push long pointer to old stack onto new stack
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-2), cs_descriptor.dpl, old_SS);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-4), cs_descriptor.dpl, (Bit16u) old_ESP);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-6), cs_descriptor.dpl, (Bit16u) read_eflags());
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-8), cs_descriptor.dpl, old_CS);
write_new_stack_word_32(&new_stack, (Bit16u)(temp_SP-10), cs_descriptor.dpl, (Bit16u) old_EIP);
temp_SP -= 10;
if (push_error) {
temp_SP -= 2;
write_new_stack_word_32(&new_stack, temp_SP, cs_descriptor.dpl, error_code);
}
}
SP = temp_SP;
}
// load new CS:eIP values from gate
// set CPL to new code segment DPL
// set RPL of CS to CPL
load_cs(&cs_selector, &cs_descriptor, cs_descriptor.dpl);
// load new SS:eSP values from TSS
load_ss(&ss_selector, &ss_descriptor, cs_descriptor.dpl);
if (is_v8086_mode)
{
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value = 0;
}
}
else
{
BX_DEBUG(("interrupt(): INTERRUPT TO SAME PRIVILEGE"));
if (v8086_mode() && (IS_CODE_SEGMENT_CONFORMING(cs_descriptor.type) || cs_descriptor.dpl != 0)) {
// if code segment DPL != 0 then #GP(new code segment selector)
BX_ERROR(("interrupt(): code segment conforming or DPL(%d) != 0 in v8086 mode", cs_descriptor.dpl));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc);
}
// EIP must be in CS limit else #GP(0)
if (gate_dest_offset > cs_descriptor.u.segment.limit_scaled) {
BX_ERROR(("interrupt(): IP > CS descriptor limit"));
exception(BX_GP_EXCEPTION, 0);
}
// push flags onto stack
// push current CS selector onto stack
// push return offset onto stack
if (gate_descriptor.type >= 14) { // 386 gate
push_32(read_eflags());
push_32(BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
push_32(EIP);
if (push_error)
push_32(error_code);
}
else { // 286 gate
push_16((Bit16u) read_eflags());
push_16(BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
push_16(IP);
if (push_error)
push_16(error_code);
}
// load CS:IP from gate
// load CS descriptor
// set the RPL field of CS to CPL
load_cs(&cs_selector, &cs_descriptor, CPL);
}
EIP = gate_dest_offset;
// if interrupt gate then set IF to 0
if (!(gate_descriptor.type & 1)) // even is int-gate
BX_CPU_THIS_PTR clear_IF();
BX_CPU_THIS_PTR clear_TF();
BX_CPU_THIS_PTR clear_NT();
BX_CPU_THIS_PTR clear_VM();
BX_CPU_THIS_PTR clear_RF();
return;
default:
BX_PANIC(("bad descriptor type in interrupt()!"));
break;
}
}
BX_CPU_C::call_gate64(bx_selector_t *gate_selector)
{
bx_selector_t cs_selector;
Bit32u dword1, dword2, dword3;
bx_descriptor_t cs_descriptor;
bx_descriptor_t gate_descriptor;
// examine code segment selector in call gate descriptor
BX_DEBUG(("call_gate64: CALL 64bit call gate"));
fetch_raw_descriptor_64(gate_selector, &dword1, &dword2, &dword3, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &gate_descriptor);
Bit16u dest_selector = gate_descriptor.u.gate.dest_selector;
// selector must not be null else #GP(0)
if ((dest_selector & 0xfffc) == 0) {
BX_ERROR(("call_gate64: selector in gate null"));
exception(BX_GP_EXCEPTION, 0, 0);
}
parse_selector(dest_selector, &cs_selector);
// selector must be within its descriptor table limits,
// else #GP(code segment selector)
fetch_raw_descriptor(&cs_selector, &dword1, &dword2, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &cs_descriptor);
// find the RIP in the gate_descriptor
Bit64u new_RIP = gate_descriptor.u.gate.dest_offset;
new_RIP |= ((Bit64u)dword3 << 32);
// AR byte of selected descriptor must indicate code segment,
// else #GP(code segment selector)
// DPL of selected descriptor must be <= CPL,
// else #GP(code segment selector)
if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
IS_DATA_SEGMENT(cs_descriptor.type) ||
cs_descriptor.dpl > CPL)
{
BX_ERROR(("call_gate64: selected descriptor is not code"));
exception(BX_GP_EXCEPTION, dest_selector & 0xfffc, 0);
}
// In long mode, only 64-bit call gates are allowed, and they must point
// to 64-bit code segments, else #GP(selector)
if (! IS_LONG64_SEGMENT(cs_descriptor) || cs_descriptor.u.segment.d_b)
{
BX_ERROR(("call_gate64: not 64-bit code segment in call gate 64"));
exception(BX_GP_EXCEPTION, dest_selector & 0xfffc, 0);
}
// code segment must be present else #NP(selector)
if (! IS_PRESENT(cs_descriptor)) {
BX_ERROR(("call_gate64: code segment not present !"));
exception(BX_NP_EXCEPTION, dest_selector & 0xfffc, 0);
}
Bit64u old_CS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value;
Bit64u old_RIP = RIP;
// CALL GATE TO MORE PRIVILEGE
// if non-conforming code segment and DPL < CPL then
if (IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) && (cs_descriptor.dpl < CPL))
{
Bit64u RSP_for_cpl_x;
BX_DEBUG(("CALL GATE TO MORE PRIVILEGE LEVEL"));
// get new RSP for new privilege level from TSS
get_RSP_from_TSS(cs_descriptor.dpl, &RSP_for_cpl_x);
Bit64u old_SS = BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value;
Bit64u old_RSP = RSP;
if (! IsCanonical(RSP_for_cpl_x)) {
// #SS(selector) when changing priviledge level
BX_ERROR(("call_gate64: canonical address failure %08x%08x",
GET32H(RSP_for_cpl_x), GET32L(RSP_for_cpl_x)));
exception(BX_SS_EXCEPTION, old_SS & 0xfffc, 0);
}
// push old stack long pointer onto new stack
write_new_stack_qword_64(RSP_for_cpl_x - 8, cs_descriptor.dpl, old_SS);
write_new_stack_qword_64(RSP_for_cpl_x - 16, cs_descriptor.dpl, old_RSP);
// push long pointer to return address onto new stack
write_new_stack_qword_64(RSP_for_cpl_x - 24, cs_descriptor.dpl, old_CS);
write_new_stack_qword_64(RSP_for_cpl_x - 32, cs_descriptor.dpl, old_RIP);
RSP_for_cpl_x -= 32;
// prepare new stack null SS selector
bx_selector_t ss_selector;
bx_descriptor_t ss_descriptor;
// set up a null descriptor
parse_selector(0, &ss_selector);
parse_descriptor(0, 0, &ss_descriptor);
// load CS:RIP (guaranteed to be in 64 bit mode)
branch_far64(&cs_selector, &cs_descriptor, new_RIP, cs_descriptor.dpl);
// set up null SS descriptor
load_ss(&ss_selector, &ss_descriptor, cs_descriptor.dpl);
RSP = RSP_for_cpl_x;
}
else
{
BX_DEBUG(("CALL GATE TO SAME PRIVILEGE"));
// push to 64-bit stack, switch to long64 guaranteed
write_new_stack_qword_64(RSP - 8, CPL, old_CS);
write_new_stack_qword_64(RSP - 16, CPL, old_RIP);
RSP -= 16;
// load CS:RIP (guaranteed to be in 64 bit mode)
branch_far64(&cs_selector, &cs_descriptor, new_RIP, CPL);
}
}
BX_CPU_C::write_virtual_checks(bx_segment_reg_t *seg, bx_address offset,
unsigned length)
{
Bit32u upper_limit;
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
// do canonical checks
if (!IsCanonical(offset)) {
BX_ERROR(("write_virtual_checks(): canonical Failure 0x%08x:%08x", GET32H(offset), GET32L(offset)));
exception(int_number(seg), 0, 0);
}
seg->cache.valid |= SegAccessWOK;
return;
}
#endif
if (protected_mode()) {
if (seg->cache.valid==0) {
BX_DEBUG(("write_virtual_checks(): segment descriptor not valid"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.p == 0) { /* not present */
BX_ERROR(("write_virtual_checks(): segment not present"));
exception(int_number(seg), 0, 0);
}
switch (seg->cache.type) {
case 0: case 1: // read only
case 4: case 5: // read only, expand down
case 8: case 9: // execute only
case 10: case 11: // execute/read
case 12: case 13: // execute only, conforming
case 14: case 15: // execute/read-only, conforming
BX_ERROR(("write_virtual_checks(): no write access to seg"));
exception(int_number(seg), 0, 0);
case 2: case 3: /* read/write */
if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
|| (length-1 > seg->cache.u.segment.limit_scaled))
{
BX_ERROR(("write_virtual_checks(): write beyond limit, r/w"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.u.segment.limit_scaled >= 7) {
// Mark cache as being OK type for succeeding writes. The limit
// checks still needs to be done though, but is more simple. We
// could probably also optimize that out with a flag for the case
// when limit is the maximum 32bit value. Limit should accomodate
// at least a dword, since we subtract from it in the simple
// limit check in other functions, and we don't want the value to roll.
// Only normal segments (not expand down) are handled this way.
seg->cache.valid |= SegAccessWOK;
}
break;
case 6: case 7: /* read/write, expand down */
if (seg->cache.u.segment.d_b)
upper_limit = 0xffffffff;
else
upper_limit = 0x0000ffff;
if ((offset <= seg->cache.u.segment.limit_scaled) ||
(offset > upper_limit) || ((upper_limit - offset) < (length - 1)))
{
BX_ERROR(("write_virtual_checks(): write beyond limit, r/w ED"));
exception(int_number(seg), 0, 0);
}
break;
}
return;
}
else { /* real mode */
if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
|| (length-1 > seg->cache.u.segment.limit_scaled))
{
BX_DEBUG(("write_virtual_checks(): write beyond limit (real mode)"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.u.segment.limit_scaled >= 7) {
// Mark cache as being OK type for succeeding writes. See notes above.
seg->cache.valid |= SegAccessWOK;
}
}
}
BX_CPU_C::read_virtual_checks(bx_segment_reg_t *seg, bx_address offset,
unsigned length)
{
Bit32u upper_limit;
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR cpu_mode == BX_MODE_LONG_64) {
// do canonical checks
if (!IsCanonical(offset)) {
BX_ERROR(("read_virtual_checks(): canonical Failure 0x%08x:%08x", GET32H(offset), GET32L(offset)));
exception(int_number(seg), 0, 0);
}
seg->cache.valid |= SegAccessROK;
return;
}
#endif
if (protected_mode()) {
if (seg->cache.valid==0) {
BX_DEBUG(("read_virtual_checks(): segment descriptor not valid"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.p == 0) { /* not present */
BX_ERROR(("read_virtual_checks(): segment not present"));
exception(int_number(seg), 0, 0);
}
switch (seg->cache.type) {
case 0: case 1: /* read only */
case 2: case 3: /* read/write */
case 10: case 11: /* execute/read */
case 14: case 15: /* execute/read-only, conforming */
if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
|| (length-1 > seg->cache.u.segment.limit_scaled))
{
BX_ERROR(("read_virtual_checks(): read beyond limit"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.u.segment.limit_scaled >= 7) {
// Mark cache as being OK type for succeeding reads. See notes for
// write checks; similar code.
seg->cache.valid |= SegAccessROK;
}
break;
case 4: case 5: /* read only, expand down */
case 6: case 7: /* read/write, expand down */
if (seg->cache.u.segment.d_b)
upper_limit = 0xffffffff;
else
upper_limit = 0x0000ffff;
if ((offset <= seg->cache.u.segment.limit_scaled) ||
(offset > upper_limit) || ((upper_limit - offset) < (length - 1)))
{
BX_ERROR(("read_virtual_checks(): read beyond limit"));
exception(int_number(seg), 0, 0);
}
break;
case 8: case 9: /* execute only */
case 12: case 13: /* execute only, conforming */
/* can't read or write an execute-only segment */
BX_ERROR(("read_virtual_checks(): execute only"));
exception(int_number(seg), 0, 0);
}
return;
}
else { /* real mode */
if (offset > (seg->cache.u.segment.limit_scaled - length + 1)
|| (length-1 > seg->cache.u.segment.limit_scaled))
{
BX_DEBUG(("read_virtual_checks(): read beyond limit (real mode)"));
exception(int_number(seg), 0, 0);
}
if (seg->cache.u.segment.limit_scaled >= 7) {
// Mark cache as being OK type for succeeding reads. See notes for
// write checks; similar code.
seg->cache.valid |= SegAccessROK;
}
}
}
/*
Given a virtual address and a cr3 value, get the PTE (or PDE, for 4MB pages)
that maps the specified address in the specified process.
Note: 'ppte' is OPTIONAL (i.e., it can be NULL).
*/
hvm_status MmuGetPageEntry (hvm_address cr3, hvm_address va, PPTE ppte, hvm_bool* pisLargePage)
{
hvm_status r;
hvm_phy_address addr;
PTE p;
MmuPrint("[MMU] MmuGetPageEntry() cr3: %.8x va: %.8x\n", CR3_ALIGN(cr3), va);
#ifdef ENABLE_PAE
/* Read PDPTE */
addr = CR3_ALIGN(cr3) + (VA_TO_PDPTE(va)*sizeof(PTE));
r = MmuReadPhysicalRegion(addr, &p, sizeof(PTE));
if (r != HVM_STATUS_SUCCESS) {
MmuPrint("[MMU] MmuGetPageEntry() cannot read PDPTE from %.8x\n", addr);
return HVM_STATUS_UNSUCCESSFUL;
}
if (!p.Present)
return HVM_STATUS_UNSUCCESSFUL;
/* Read PDE */
addr = FRAME_TO_PHY(p.PageBaseAddr) + (VA_TO_PDE(va)*sizeof(PTE));
#else
/* Read PDE */
addr = CR3_ALIGN(cr3) + (VA_TO_PDE(va)*sizeof(PTE));
#endif
MmuPrint("[MMU] MmuGetPageEntry() Reading phy %.8x%.8x (NOT large)\n", GET32H(addr), GET32L(addr));
r = MmuReadPhysicalRegion(addr, &p, sizeof(PTE));
if (r != HVM_STATUS_SUCCESS) {
MmuPrint("[MMU] MmuGetPageEntry() cannot read PDE from %.8x\n", addr);
return HVM_STATUS_UNSUCCESSFUL;
}
MmuPrint("[MMU] MmuGetPageEntry() PDE read. Present? %d Large? %d\n", p.Present, p.LargePage);
if (!p.Present)
return HVM_STATUS_UNSUCCESSFUL;
/* If it's present and it's a 4MB page, then this is a hit */
if(p.LargePage) {
if (ppte) *ppte = p;
*pisLargePage = TRUE;
return HVM_STATUS_SUCCESS;
}
/* Read PTE */
addr = FRAME_TO_PHY(p.PageBaseAddr) + (VA_TO_PTE(va)*sizeof(PTE));
r = MmuReadPhysicalRegion(addr, &p, sizeof(PTE));
if (r != HVM_STATUS_SUCCESS) {
MmuPrint("[MMU] MmuGetPageEntry() cannot read PTE from %.8x\n", addr);
return HVM_STATUS_UNSUCCESSFUL;
}
MmuPrint("[MMU] MmuGetPageEntry() PTE read. Present? %d\n", p.Present);
if (!p.Present)
return HVM_STATUS_UNSUCCESSFUL;
if (ppte) *ppte = p;
*pisLargePage = FALSE;
return HVM_STATUS_SUCCESS;
}