search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- added instructions how to update the online documentation
[bochs-mirror.git] / cpu / tasking.cc
blob92c7bf605320ec0511b1ba47230f0e480376c4eb
1 /////////////////////////////////////////////////////////////////////////
2 // $Id: tasking.cc,v 1.63 2008/09/22 19:53:47 sshwarts Exp $
3 /////////////////////////////////////////////////////////////////////////
4 //
5 // Copyright (C) 2001 MandrakeSoft S.A.
6 //
7 // MandrakeSoft S.A.
8 // 43, rue d'Aboukir
9 // 75002 Paris - France
10 // http://www.linux-mandrake.com/
11 // http://www.mandrakesoft.com/
12 //
13 // This library is free software; you can redistribute it and/or
14 // modify it under the terms of the GNU Lesser General Public
15 // License as published by the Free Software Foundation; either
16 // version 2 of the License, or (at your option) any later version.
17 //
18 // This library is distributed in the hope that it will be useful,
19 // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 // Lesser General Public License for more details.
22 //
23 // You should have received a copy of the GNU Lesser General Public
24 // License along with this library; if not, write to the Free Software
25 // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 /////////////////////////////////////////////////////////////////////////
27
28 #define NEED_CPU_REG_SHORTCUTS 1
29 #include "bochs.h"
30 #include "cpu.h"
31 #define LOG_THIS BX_CPU_THIS_PTR
32
33 // Notes:
34 // ======
35
36 // ======================
37 // 286 Task State Segment
38 // ======================
39 // dynamic item | hex dec offset
40 // 0 task LDT selector | 2a 42
41 // 1 DS selector | 28 40
42 // 1 SS selector | 26 38
43 // 1 CS selector | 24 36
44 // 1 ES selector | 22 34
45 // 1 DI | 20 32
46 // 1 SI | 1e 30
47 // 1 BP | 1c 28
48 // 1 SP | 1a 26
49 // 1 BX | 18 24
50 // 1 DX | 16 22
51 // 1 CX | 14 20
52 // 1 AX | 12 18
53 // 1 flag word | 10 16
54 // 1 IP (entry point) | 0e 14
55 // 0 SS for CPL 2 | 0c 12
56 // 0 SP for CPL 2 | 0a 10
57 // 0 SS for CPL 1 | 08 08
58 // 0 SP for CPL 1 | 06 06
59 // 0 SS for CPL 0 | 04 04
60 // 0 SP for CPL 0 | 02 02
61 // back link selector to TSS | 00 00
62
63
64 // ======================
65 // 386 Task State Segment
66 // ======================
67 // |31 16|15 0| hex dec
68 // |I/O Map Base |000000000000000000000|T| 64 100 static
69 // |0000000000000000| LDT | 60 96 static
70 // |0000000000000000| GS selector | 5c 92 dynamic
71 // |0000000000000000| FS selector | 58 88 dynamic
72 // |0000000000000000| DS selector | 54 84 dynamic
73 // |0000000000000000| SS selector | 50 80 dynamic
74 // |0000000000000000| CS selector | 4c 76 dynamic
75 // |0000000000000000| ES selector | 48 72 dynamic
76 // | EDI | 44 68 dynamic
77 // | ESI | 40 64 dynamic
78 // | EBP | 3c 60 dynamic
79 // | ESP | 38 56 dynamic
80 // | EBX | 34 52 dynamic
81 // | EDX | 30 48 dynamic
82 // | ECX | 2c 44 dynamic
83 // | EAX | 28 40 dynamic
84 // | EFLAGS | 24 36 dynamic
85 // | EIP (entry point) | 20 32 dynamic
86 // | CR3 (PDPR) | 1c 28 static
87 // |000000000000000 | SS for CPL 2 | 18 24 static
88 // | ESP for CPL 2 | 14 20 static
89 // |000000000000000 | SS for CPL 1 | 10 16 static
90 // | ESP for CPL 1 | 0c 12 static
91 // |000000000000000 | SS for CPL 0 | 08 08 static
92 // | ESP for CPL 0 | 04 04 static
93 // |000000000000000 | back link to prev TSS | 00 00 dynamic (updated only when return expected)
94
95
96 // ==================================================
97 // Effect of task switch on Busy, NT, and Link Fields
98 // ==================================================
99
100 // Field jump call/interrupt iret
101 // ------------------------------------------------------
102 // new busy bit Set Set No change
103 // old busy bit Cleared No change Cleared
104 // new NT flag No change Set No change
105 // old NT flag No change No change Cleared
106 // new link No change old TSS selector No change
107 // old link No change No change No change
108 // CR0.TS Set Set Set
109
110 // Note: I checked 386, 486, and Pentium, and they all exhibited
111 // exactly the same behaviour as above. There seems to
112 // be some misprints in the Intel docs.
113
114 void BX_CPU_C::task_switch(bx_selector_t *tss_selector,
115 bx_descriptor_t *tss_descriptor, unsigned source,
116 Bit32u dword1, Bit32u dword2)
117 {
118 Bit32u obase32; // base address of old TSS
119 Bit32u nbase32; // base address of new TSS
120 Bit32u temp32, newCR3;
121 Bit16u raw_cs_selector, raw_ss_selector, raw_ds_selector, raw_es_selector,
122 raw_fs_selector, raw_gs_selector, raw_ldt_selector;
123 Bit16u temp16, trap_word;
124 bx_selector_t cs_selector, ss_selector, ds_selector, es_selector,
125 fs_selector, gs_selector, ldt_selector;
126 bx_descriptor_t cs_descriptor, ss_descriptor, ldt_descriptor;
127 Bit32u old_TSS_max, new_TSS_max, old_TSS_limit, new_TSS_limit;
128 Bit32u newEAX, newECX, newEDX, newEBX;
129 Bit32u newESP, newEBP, newESI, newEDI;
130 Bit32u newEFLAGS, newEIP;
131
132 BX_DEBUG(("TASKING: ENTER"));
133
134 invalidate_prefetch_q();
135
136 // Discard any traps and inhibits for new context; traps will
137 // resume upon return.
138 BX_CPU_THIS_PTR debug_trap = 0;
139 BX_CPU_THIS_PTR inhibit_mask = 0;
140
141 // STEP 1: The following checks are made before calling task_switch(),
142 // for JMP & CALL only. These checks are NOT made for exceptions,
143 // interrupts & IRET.
144 //
145 // 1) TSS DPL must be >= CPL
146 // 2) TSS DPL must be >= TSS selector RPL
147 // 3) TSS descriptor is not busy.
148
149 // TSS must be present, else #NP(TSS selector)
150 if (tss_descriptor->p==0) {
151 BX_ERROR(("task_switch: TSS descriptor is not present !"));
152 exception(BX_NP_EXCEPTION, tss_selector->value & 0xfffc, 0);
153 }
154
155 // STEP 2: The processor performs limit-checking on the target TSS
156 // to verify that the TSS limit is greater than or equal
157 // to 67h (2Bh for 16-bit TSS).
158
159 // Gather info about old TSS
160 if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
161 old_TSS_max = 0x29;
162 }
163 else {
164 old_TSS_max = 0x5F;
165 }
166 // Gather info about new TSS
167 if (tss_descriptor->type <= 3) { // {1,3}
168 new_TSS_max = 0x2B;
169 }
170 else { // tss_descriptor->type = {9,11}
171 new_TSS_max = 0x67;
172 }
173
174 obase32 = (Bit32u) BX_CPU_THIS_PTR tr.cache.u.system.base; // old TSS.base
175 old_TSS_limit = BX_CPU_THIS_PTR tr.cache.u.system.limit_scaled;
176 nbase32 = (Bit32u) tss_descriptor->u.system.base; // new TSS.base
177 new_TSS_limit = tss_descriptor->u.system.limit_scaled;
178
179 // TSS must have valid limit, else #TS(TSS selector)
180 if (tss_selector->ti || tss_descriptor->valid==0 ||
181 new_TSS_limit < new_TSS_max)
182 {
183 BX_ERROR(("task_switch(): new TSS limit < %d", new_TSS_max));
184 exception(BX_TS_EXCEPTION, tss_selector->value & 0xfffc, 0);
185 }
186
187 if (old_TSS_limit < old_TSS_max) {
188 BX_ERROR(("task_switch(): old TSS limit < %d", old_TSS_max));
189 exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc, 0);
190 }
191
192 if (obase32 == nbase32) {
193 BX_INFO(("TASK SWITCH: switching to the same TSS !"));
194 }
195
196 // Check that old TSS, new TSS, and all segment descriptors
197 // used in the task switch are paged in.
198 if (BX_CPU_THIS_PTR cr0.get_PG())
199 {
200 dtranslate_linear(obase32, 0, BX_WRITE); // new TSS
201 dtranslate_linear(obase32 + old_TSS_max, 0, BX_WRITE);
202 dtranslate_linear(nbase32, 0, BX_READ); // old TSS
203 dtranslate_linear(nbase32 + new_TSS_max, 0, BX_READ);
204
205 // ??? Humm, we check the new TSS region with READ above,
206 // but sometimes we need to write the link field in that
207 // region. We also sometimes update other fields, perhaps
208 // we need to WRITE check them here also, so that we keep
209 // the written state consistent (ie, we don't encounter a
210 // page fault in the middle).
211
212 if (source == BX_TASK_FROM_CALL_OR_INT)
213 {
214 dtranslate_linear(nbase32, 0, BX_WRITE);
215 dtranslate_linear(nbase32 + 2, 0, BX_WRITE);
216 }
217 }
218
219 // Privilege and busy checks done in CALL, JUMP, INT, IRET
220
221 // STEP 3: Save the current task state in the TSS. Up to this point,
222 // any exception that occurs aborts the task switch without
223 // changing the processor state.
224
225 /* save current machine state in old task's TSS */
226
227 Bit32u oldEFLAGS = read_eflags();
228
229 /* if moving to busy task, clear NT bit */
230 if (tss_descriptor->type == BX_SYS_SEGMENT_BUSY_286_TSS ||
231 tss_descriptor->type == BX_SYS_SEGMENT_BUSY_386_TSS)
232 {
233 oldEFLAGS &= ~EFlagsNTMask;
234 }
235
236 if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
237 temp16 = IP; access_write_linear(Bit32u(obase32 + 14), 2, 0, &temp16);
238 temp16 = oldEFLAGS; access_write_linear(Bit32u(obase32 + 16), 2, 0, &temp16);
239 temp16 = AX; access_write_linear(Bit32u(obase32 + 18), 2, 0, &temp16);
240 temp16 = CX; access_write_linear(Bit32u(obase32 + 20), 2, 0, &temp16);
241 temp16 = DX; access_write_linear(Bit32u(obase32 + 22), 2, 0, &temp16);
242 temp16 = BX; access_write_linear(Bit32u(obase32 + 24), 2, 0, &temp16);
243 temp16 = SP; access_write_linear(Bit32u(obase32 + 26), 2, 0, &temp16);
244 temp16 = BP; access_write_linear(Bit32u(obase32 + 28), 2, 0, &temp16);
245 temp16 = SI; access_write_linear(Bit32u(obase32 + 30), 2, 0, &temp16);
246 temp16 = DI; access_write_linear(Bit32u(obase32 + 32), 2, 0, &temp16);
247 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value;
248 access_write_linear(Bit32u(obase32 + 34), 2, 0, &temp16);
249 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value;
250 access_write_linear(Bit32u(obase32 + 36), 2, 0, &temp16);
251 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value;
252 access_write_linear(Bit32u(obase32 + 38), 2, 0, &temp16);
253 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value;
254 access_write_linear(Bit32u(obase32 + 40), 2, 0, &temp16);
255 }
256 else {
257 temp32 = EIP; access_write_linear(Bit32u(obase32 + 0x20), 4, 0, &temp32);
258 temp32 = oldEFLAGS; access_write_linear(Bit32u(obase32 + 0x24), 4, 0, &temp32);
259 temp32 = EAX; access_write_linear(Bit32u(obase32 + 0x28), 4, 0, &temp32);
260 temp32 = ECX; access_write_linear(Bit32u(obase32 + 0x2c), 4, 0, &temp32);
261 temp32 = EDX; access_write_linear(Bit32u(obase32 + 0x30), 4, 0, &temp32);
262 temp32 = EBX; access_write_linear(Bit32u(obase32 + 0x34), 4, 0, &temp32);
263 temp32 = ESP; access_write_linear(Bit32u(obase32 + 0x38), 4, 0, &temp32);
264 temp32 = EBP; access_write_linear(Bit32u(obase32 + 0x3c), 4, 0, &temp32);
265 temp32 = ESI; access_write_linear(Bit32u(obase32 + 0x40), 4, 0, &temp32);
266 temp32 = EDI; access_write_linear(Bit32u(obase32 + 0x44), 4, 0, &temp32);
267 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value;
268 access_write_linear(Bit32u(obase32 + 0x48), 2, 0, &temp16);
269 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value;
270 access_write_linear(Bit32u(obase32 + 0x4c), 2, 0, &temp16);
271 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value;
272 access_write_linear(Bit32u(obase32 + 0x50), 2, 0, &temp16);
273 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value;
274 access_write_linear(Bit32u(obase32 + 0x54), 2, 0, &temp16);
275 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value;
276 access_write_linear(Bit32u(obase32 + 0x58), 2, 0, &temp16);
277 temp16 = BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value;
278 access_write_linear(Bit32u(obase32 + 0x5c), 2, 0, &temp16);
279 }
280
281 // effect on link field of new task
282 if (source == BX_TASK_FROM_CALL_OR_INT)
283 {
284 // set to selector of old task's TSS
285 temp16 = BX_CPU_THIS_PTR tr.selector.value;
286 access_write_linear(nbase32, 2, 0, &temp16);
287 }
288
289 // STEP 4: The new-task state is loaded from the TSS
290
291 if (tss_descriptor->type <= 3) {
292 newEIP = system_read_word(Bit32u(nbase32 + 14));
293 newEFLAGS = system_read_word(Bit32u(nbase32 + 16));
294
295 // incoming TSS is 16bit:
296 // - upper word of general registers is set to 0xFFFF
297 // - upper word of eflags is zero'd
298 // - FS, GS are zero'd
299 // - upper word of eIP is zero'd
300 temp16 = system_read_word(Bit32u(nbase32 + 18));
301 newEAX = 0xffff0000 | temp16;
302 temp16 = system_read_word(Bit32u(nbase32 + 20));
303 newECX = 0xffff0000 | temp16;
304 temp16 = system_read_word(Bit32u(nbase32 + 22));
305 newEDX = 0xffff0000 | temp16;
306 temp16 = system_read_word(Bit32u(nbase32 + 24));
307 newEBX = 0xffff0000 | temp16;
308 temp16 = system_read_word(Bit32u(nbase32 + 26));
309 newESP = 0xffff0000 | temp16;
310 temp16 = system_read_word(Bit32u(nbase32 + 28));
311 newEBP = 0xffff0000 | temp16;
312 temp16 = system_read_word(Bit32u(nbase32 + 30));
313 newESI = 0xffff0000 | temp16;
314 temp16 = system_read_word(Bit32u(nbase32 + 32));
315 newEDI = 0xffff0000 | temp16;
316
317 raw_es_selector = system_read_word(Bit32u(nbase32 + 34));
318 raw_cs_selector = system_read_word(Bit32u(nbase32 + 36));
319 raw_ss_selector = system_read_word(Bit32u(nbase32 + 38));
320 raw_ds_selector = system_read_word(Bit32u(nbase32 + 40));
321 raw_ldt_selector = system_read_word(Bit32u(nbase32 + 42));
322
323 raw_fs_selector = 0; // use a NULL selector
324 raw_gs_selector = 0; // use a NULL selector
325 // No CR3 change for 286 task switch
326 newCR3 = 0; // keep compiler happy (not used)
327 trap_word = 0; // keep compiler happy (not used)
328 }
329 else {
330 if (BX_CPU_THIS_PTR cr0.get_PG())
331 newCR3 = system_read_dword(Bit32u(nbase32 + 0x1c));
332 else
333 newCR3 = 0; // keep compiler happy (not used)
334
335 newEIP = system_read_dword(Bit32u(nbase32 + 0x20));
336 newEFLAGS = system_read_dword(Bit32u(nbase32 + 0x24));
337 newEAX = system_read_dword(Bit32u(nbase32 + 0x28));
338 newECX = system_read_dword(Bit32u(nbase32 + 0x2c));
339 newEDX = system_read_dword(Bit32u(nbase32 + 0x30));
340 newEBX = system_read_dword(Bit32u(nbase32 + 0x34));
341 newESP = system_read_dword(Bit32u(nbase32 + 0x38));
342 newEBP = system_read_dword(Bit32u(nbase32 + 0x3c));
343 newESI = system_read_dword(Bit32u(nbase32 + 0x40));
344 newEDI = system_read_dword(Bit32u(nbase32 + 0x44));
345
346 raw_es_selector = system_read_word(Bit32u(nbase32 + 0x48));
347 raw_cs_selector = system_read_word(Bit32u(nbase32 + 0x4c));
348 raw_ss_selector = system_read_word(Bit32u(nbase32 + 0x50));
349 raw_ds_selector = system_read_word(Bit32u(nbase32 + 0x54));
350 raw_fs_selector = system_read_word(Bit32u(nbase32 + 0x58));
351 raw_gs_selector = system_read_word(Bit32u(nbase32 + 0x5c));
352 raw_ldt_selector = system_read_word(Bit32u(nbase32 + 0x60));
353 trap_word = system_read_word(Bit32u(nbase32 + 0x64));
354 }
355
356 // Step 5: If CALL, interrupt, or JMP, set busy flag in new task's
357 // TSS descriptor. If IRET, leave set.
358
359 if (source == BX_TASK_FROM_JUMP || source == BX_TASK_FROM_CALL_OR_INT)
360 {
361 // set the new task's busy bit
362 Bit32u laddr = (Bit32u)(BX_CPU_THIS_PTR gdtr.base) + (tss_selector->index<<3) + 4;
363 access_read_linear(laddr, 4, 0, BX_READ, &dword2);
364 dword2 |= 0x200;
365 access_write_linear(laddr, 4, 0, &dword2);
366 }
367
368 // Step 6: If JMP or IRET, clear busy bit in old task TSS descriptor,
369 // otherwise leave set.
370
371 // effect on Busy bit of old task
372 if (source == BX_TASK_FROM_JUMP || source == BX_TASK_FROM_IRET) {
373 // Bit is cleared
374 Bit32u laddr = (Bit32u) BX_CPU_THIS_PTR gdtr.base + (BX_CPU_THIS_PTR tr.selector.index<<3) + 4;
375 access_read_linear(laddr, 4, 0, BX_READ, &temp32);
376 temp32 &= ~0x200;
377 access_write_linear(laddr, 4, 0, &temp32);
378 }
379
380 //
381 // Commit point. At this point, we commit to the new
382 // context. If an unrecoverable error occurs in further
383 // processing, we complete the task switch without performing
384 // additional access and segment availablility checks and
385 // generate the appropriate exception prior to beginning
386 // execution of the new task.
387 //
388
389 // Step 7: Load the task register with the segment selector and
390 // descriptor for the new task TSS.
391
392 BX_CPU_THIS_PTR tr.selector = *tss_selector;
393 BX_CPU_THIS_PTR tr.cache = *tss_descriptor;
394 BX_CPU_THIS_PTR tr.cache.type |= 2; // mark TSS in TR as busy
395
396 // Step 8: Set TS flag in the CR0 image stored in the new task TSS.
397 BX_CPU_THIS_PTR cr0.set_TS(1);
398
399 // Task switch clears LE/L3/L2/L1/L0 in DR7
400 BX_CPU_THIS_PTR dr7 &= ~0x00000155;
401
402 // Step 9: If call or interrupt, set the NT flag in the eflags
403 // image stored in new task's TSS. If IRET or JMP,
404 // NT is restored from new TSS eflags image. (no change)
405
406 // effect on NT flag of new task
407 if (source == BX_TASK_FROM_CALL_OR_INT) {
408 newEFLAGS |= EFlagsNTMask; // NT flag is set
409 }
410
411 // Step 10: Load the new task (dynamic) state from new TSS.
412 // Any errors associated with loading and qualification of
413 // segment descriptors in this step occur in the new task's
414 // context. State loaded here includes LDTR, CR3,
415 // EFLAGS, EIP, general purpose registers, and segment
416 // descriptor parts of the segment registers.
417
418 BX_CPU_THIS_PTR prev_rip = EIP = newEIP;
419
420 EAX = newEAX;
421 ECX = newECX;
422 EDX = newEDX;
423 EBX = newEBX;
424 ESP = newESP;
425 EBP = newEBP;
426 ESI = newESI;
427 EDI = newEDI;
428
429 writeEFlags(newEFLAGS, EFlagsValidMask);
430
431 // Fill in selectors for all segment registers. If errors
432 // occur later, the selectors will at least be loaded.
433 parse_selector(raw_cs_selector, &cs_selector);
434 BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector = cs_selector;
435 parse_selector(raw_ss_selector, &ss_selector);
436 BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector = ss_selector;
437 parse_selector(raw_ds_selector, &ds_selector);
438 BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector = ds_selector;
439 parse_selector(raw_es_selector, &es_selector);
440 BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector = es_selector;
441 parse_selector(raw_fs_selector, &fs_selector);
442 BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector = fs_selector;
443 parse_selector(raw_gs_selector, &gs_selector);
444 BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector = gs_selector;
445 parse_selector(raw_ldt_selector, &ldt_selector);
446 BX_CPU_THIS_PTR ldtr.selector = ldt_selector;
447
448 // Start out with invalid descriptor caches, fill in with
449 // values only as they are validated
450 BX_CPU_THIS_PTR ldtr.cache.valid = 0;
451 BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.valid = 0;
452 BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache.valid = 0;
453 BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].cache.valid = 0;
454 BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
455 BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid = 0;
456 BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid = 0;
457
458 if ((tss_descriptor->type >= 9) && BX_CPU_THIS_PTR cr0.get_PG()) {
459 // change CR3 only if it actually modified
460 if (newCR3 != BX_CPU_THIS_PTR cr3) {
461 SetCR3(newCR3); // Tell paging unit about new cr3 value
462 BX_DEBUG(("task_switch changing CR3 to 0x" FMT_PHY_ADDRX, newCR3));
463 BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_TASKSWITCH, newCR3);
464 }
465 }
466
467 // LDTR
468 if (ldt_selector.ti) {
469 // LDT selector must be in GDT
470 BX_INFO(("task_switch(exception after commit point): bad LDT selector TI=1"));
471 exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc, 0);
472 }
473
474 if ((raw_ldt_selector & 0xfffc) != 0) {
475 bx_bool good = fetch_raw_descriptor2(&ldt_selector, &dword1, &dword2);
476 if (!good) {
477 BX_ERROR(("task_switch(exception after commit point): bad LDT fetch"));
478 exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc, 0);
479 }
480
481 parse_descriptor(dword1, dword2, &ldt_descriptor);
482
483 // LDT selector of new task is valid, else #TS(new task's LDT)
484 if (ldt_descriptor.valid==0 ||
485 ldt_descriptor.type!=BX_SYS_SEGMENT_LDT ||
486 ldt_descriptor.segment)
487 {
488 BX_ERROR(("task_switch(exception after commit point): bad LDT segment"));
489 exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc, 0);
490 }
491
492 // LDT of new task is present in memory, else #TS(new tasks's LDT)
493 if (! IS_PRESENT(ldt_descriptor)) {
494 BX_ERROR(("task_switch(exception after commit point): LDT not present"));
495 exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc, 0);
496 }
497
498 // All checks pass, fill in LDTR shadow cache
499 BX_CPU_THIS_PTR ldtr.cache = ldt_descriptor;
500 }
501 else {
502 // NULL LDT selector is OK, leave cache invalid
503 }
504
505 if (v8086_mode()) {
506 // load seg regs as 8086 registers
507 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS], raw_ss_selector);
508 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS], raw_ds_selector);
509 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES], raw_es_selector);
510 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS], raw_fs_selector);
511 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS], raw_gs_selector);
512 load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS], raw_cs_selector);
513 }
514 else {
515
516 unsigned save_CPL = CPL;
517 /* set CPL to 3 to force a privilege level change and stack switch if SS
518 is not properly loaded */
519 CPL = 3;
520
521 // SS
522 if ((raw_ss_selector & 0xfffc) != 0)
523 {
524 bx_bool good = fetch_raw_descriptor2(&ss_selector, &dword1, &dword2);
525 if (!good) {
526 BX_ERROR(("task_switch(exception after commit point): bad SS fetch"));
527 exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
528 }
529
530 parse_descriptor(dword1, dword2, &ss_descriptor);
531
532 // SS selector must be within its descriptor table limits else #TS(SS)
533 // SS descriptor AR byte must must indicate writable data segment,
534 // else #TS(SS)
535 if (ss_descriptor.valid==0 || ss_descriptor.segment==0 ||
536 IS_CODE_SEGMENT(ss_descriptor.type) ||
537 !IS_DATA_SEGMENT_WRITEABLE(ss_descriptor.type))
538 {
539 BX_ERROR(("task_switch(exception after commit point): SS not valid or writeable segment"));
540 exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
541 }
542
543 //
544 // Stack segment is present in memory, else #SS(new stack segment)
545 //
546 if (! IS_PRESENT(ss_descriptor)) {
547 BX_ERROR(("task_switch(exception after commit point): SS not present"));
548 exception(BX_SS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
549 }
550
551 // Stack segment DPL matches CS.RPL, else #TS(new stack segment)
552 if (ss_descriptor.dpl != cs_selector.rpl) {
553 BX_ERROR(("task_switch(exception after commit point): SS.rpl != CS.RPL"));
554 exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
555 }
556
557 // Stack segment DPL matches selector RPL, else #TS(new stack segment)
558 if (ss_descriptor.dpl != ss_selector.rpl) {
559 BX_ERROR(("task_switch(exception after commit point): SS.dpl != SS.rpl"));
560 exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
561 }
562
563 // All checks pass, fill in shadow cache
564 BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache = ss_descriptor;
565 }
566 else {
567 // SS selector is valid, else #TS(new stack segment)
568 BX_ERROR(("task_switch(exception after commit point): SS NULL"));
569 exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc, 0);
570 }
571
572 CPL = save_CPL;
573
574 task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS],
575 &ds_selector, raw_ds_selector, cs_selector.rpl);
576 task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES],
577 &es_selector, raw_es_selector, cs_selector.rpl);
578 task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS],
579 &fs_selector, raw_fs_selector, cs_selector.rpl);
580 task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS],
581 &gs_selector, raw_gs_selector, cs_selector.rpl);
582
583 // if new selector is not null then perform following checks:
584 // index must be within its descriptor table limits else #TS(selector)
585 // AR byte must indicate data or readable code else #TS(selector)
586 // if data or non-conforming code then:
587 // DPL must be >= CPL else #TS(selector)
588 // DPL must be >= RPL else #TS(selector)
589 // AR byte must indicate PRESENT else #NP(selector)
590 // load cache with new segment descriptor and set valid bit
591
592 // CS
593 if ((raw_cs_selector & 0xfffc) != 0) {
594 bx_bool good = fetch_raw_descriptor2(&cs_selector, &dword1, &dword2);
595 if (!good) {
596 BX_ERROR(("task_switch(exception after commit point): bad CS fetch"));
597 exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc, 0);
598 }
599
600 parse_descriptor(dword1, dword2, &cs_descriptor);
601
602 // CS descriptor AR byte must indicate code segment else #TS(CS)
603 if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
604 IS_DATA_SEGMENT(cs_descriptor.type))
605 {
606 BX_ERROR(("task_switch(exception after commit point): CS not valid executable seg"));
607 exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc, 0);
608 }
609
610 // if non-conforming then DPL must equal selector RPL else #TS(CS)
611 if (IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) &&
612 cs_descriptor.dpl != cs_selector.rpl)
613 {
614 BX_ERROR(("task_switch(exception after commit point): non-conforming: CS.dpl!=CS.RPL"));
615 exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc, 0);
616 }
617
618 // if conforming then DPL must be <= selector RPL else #TS(CS)
619 if (IS_CODE_SEGMENT_CONFORMING(cs_descriptor.type) &&
620 cs_descriptor.dpl > cs_selector.rpl)
621 {
622 BX_ERROR(("task_switch(exception after commit point): conforming: CS.dpl>RPL"));
623 exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc, 0);
624 }
625
626 // Code segment is present in memory, else #NP(new code segment)
627 if (! IS_PRESENT(cs_descriptor)) {
628 BX_ERROR(("task_switch(exception after commit point): CS.p==0"));
629 exception(BX_NP_EXCEPTION, raw_cs_selector & 0xfffc, 0);
630 }
631
632 // All checks pass, fill in shadow cache
633 BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache = cs_descriptor;
634 }
635 else {
636 // If new cs selector is null #TS(CS)
637 BX_ERROR(("task_switch(exception after commit point): CS NULL"));
638 exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc, 0);
639 }
640
641 updateFetchModeMask();
642
643 #if BX_CPU_LEVEL >= 4 && BX_SUPPORT_ALIGNMENT_CHECK
644 handleAlignmentCheck(); // task switch, CPL was modified
645 #endif
646 }
647
648
649 if ((tss_descriptor->type>=9) && (trap_word & 0x1)) {
650 BX_CPU_THIS_PTR debug_trap |= 0x00008000; // BT flag in DR6
651 BX_CPU_THIS_PTR async_event = 1; // so processor knows to check
652 BX_INFO(("task_switch: T bit set in new TSS"));
653 }
654
655 //
656 // Step 14: Begin execution of new task.
657 //
658 BX_DEBUG(("TASKING: LEAVE"));
659 }
660
661 void BX_CPU_C::task_switch_load_selector(bx_segment_reg_t *seg,
662 bx_selector_t *selector, Bit16u raw_selector, Bit8u cs_rpl)
663 {
664 bx_descriptor_t descriptor;
665 Bit32u dword1, dword2;
666
667 // NULL selector is OK, will leave cache invalid
668 if ((raw_selector & 0xfffc) != 0)
669 {
670 bx_bool good = fetch_raw_descriptor2(selector, &dword1, &dword2);
671 if (!good) {
672 BX_ERROR(("task_switch(%s): bad selector fetch !", strseg(seg)));
673 exception(BX_TS_EXCEPTION, raw_selector & 0xfffc, 0);
674 }
675
676 parse_descriptor(dword1, dword2, &descriptor);
677
678 /* AR byte must indicate data or readable code segment else #TS(selector) */
679 if (descriptor.segment==0 || (IS_CODE_SEGMENT(descriptor.type) &&
680 IS_CODE_SEGMENT_READABLE(descriptor.type) == 0))
681 {
682 BX_ERROR(("task_switch(%s): not data or readable code !", strseg(seg)));
683 exception(BX_TS_EXCEPTION, raw_selector & 0xfffc, 0);
684 }
685
686 /* If data or non-conforming code, then both the RPL and the CPL
687 * must be less than or equal to DPL in AR byte else #GP(selector) */
688 if (IS_DATA_SEGMENT(descriptor.type) ||
689 IS_CODE_SEGMENT_NON_CONFORMING(descriptor.type))
690 {
691 if ((selector->rpl > descriptor.dpl) || (cs_rpl > descriptor.dpl)) {
692 BX_ERROR(("load_seg_reg(%s): RPL & CPL must be <= DPL", strseg(seg)));
693 exception(BX_TS_EXCEPTION, raw_selector & 0xfffc, 0);
694 }
695 }
696
697 if (! IS_PRESENT(descriptor)) {
698 BX_ERROR(("task_switch(%s): descriptor not present !", strseg(seg)));
699 exception(BX_NP_EXCEPTION, raw_selector & 0xfffc, 0);
700 }
701
702 // All checks pass, fill in shadow cache
703 seg->cache = descriptor;
704 }
705 }
706
707 void BX_CPU_C::get_SS_ESP_from_TSS(unsigned pl, Bit16u *ss, Bit32u *esp)
708 {
709 if (BX_CPU_THIS_PTR tr.cache.valid==0)
710 BX_PANIC(("get_SS_ESP_from_TSS: TR.cache invalid"));
711
712 if (BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_AVAIL_386_TSS ||
713 BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_BUSY_386_TSS)
714 {
715 // 32-bit TSS
716 Bit32u TSSstackaddr = 8*pl + 4;
717 if ((TSSstackaddr+7) > BX_CPU_THIS_PTR tr.cache.u.system.limit_scaled) {
718 BX_DEBUG(("get_SS_ESP_from_TSS(386): TSSstackaddr > TSS.LIMIT"));
719 exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc, 0);
720 }
721 *ss = system_read_word (BX_CPU_THIS_PTR tr.cache.u.system.base + TSSstackaddr + 4);
722 *esp = system_read_dword(BX_CPU_THIS_PTR tr.cache.u.system.base + TSSstackaddr);
723 }
724 else if (BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_AVAIL_286_TSS ||
725 BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_BUSY_286_TSS)
726 {
727 // 16-bit TSS
728 Bit32u TSSstackaddr = 4*pl + 2;
729 if ((TSSstackaddr+3) > BX_CPU_THIS_PTR tr.cache.u.system.limit_scaled) {
730 BX_DEBUG(("get_SS_ESP_from_TSS(286): TSSstackaddr > TSS.LIMIT"));
731 exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc, 0);
732 }
733 *ss = system_read_word(BX_CPU_THIS_PTR tr.cache.u.system.base + TSSstackaddr + 2);
734 *esp = (Bit32u) system_read_word(BX_CPU_THIS_PTR tr.cache.u.system.base + TSSstackaddr);
735 }
736 else {
737 BX_PANIC(("get_SS_ESP_from_TSS: TR is bogus type (%u)",
738 (unsigned) BX_CPU_THIS_PTR tr.cache.type));
739 }
740 }
741
742 #if BX_SUPPORT_X86_64
743 Bit64u BX_CPU_C::get_RSP_from_TSS(unsigned pl)
744 {
745 if (BX_CPU_THIS_PTR tr.cache.valid==0)
746 BX_PANIC(("get_RSP_from_TSS: TR.cache invalid"));
747
748 // 32-bit TSS
749 Bit32u TSSstackaddr = 8*pl + 4;
750 if ((TSSstackaddr+7) > BX_CPU_THIS_PTR tr.cache.u.system.limit_scaled) {
751 BX_DEBUG(("get_RSP_from_TSS(): TSSstackaddr > TSS.LIMIT"));
752 exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc, 0);
753 }
754
755 Bit64u rsp = system_read_qword(BX_CPU_THIS_PTR tr.cache.u.system.base + TSSstackaddr);
756 return rsp;
757 }
758 #endif // #if BX_SUPPORT_X86_64
Mirror of Bochs CVS