search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Full support for Ginger Console
[linux-ginger.git] / arch / x86 / kvm / emulate.c
blob1be5cd640e93f2f71b92829fbba082b37bdabe62
1 /******************************************************************************
2 * emulate.c
3 *
4 * Generic x86 (32-bit and 64-bit) instruction decoder and emulator.
5 *
6 * Copyright (c) 2005 Keir Fraser
7 *
8 * Linux coding style, mod r/m decoder, segment base fixes, real-mode
9 * privileged instructions:
10 *
11 * Copyright (C) 2006 Qumranet
12 *
13 * Avi Kivity <avi@qumranet.com>
14 * Yaniv Kamay <yaniv@qumranet.com>
15 *
16 * This work is licensed under the terms of the GNU GPL, version 2. See
17 * the COPYING file in the top-level directory.
18 *
19 * From: xen-unstable 10676:af9809f51f81a3c43f276f00c81a52ef558afda4
20 */
21
22 #ifndef __KERNEL__
23 #include <stdio.h>
24 #include <stdint.h>
25 #include <public/xen.h>
26 #define DPRINTF(_f, _a ...) printf(_f , ## _a)
27 #else
28 #include <linux/kvm_host.h>
29 #include "kvm_cache_regs.h"
30 #define DPRINTF(x...) do {} while (0)
31 #endif
32 #include <linux/module.h>
33 #include <asm/kvm_emulate.h>
34
35 #include "mmu.h" /* for is_long_mode() */
36
37 /*
38 * Opcode effective-address decode tables.
39 * Note that we only emulate instructions that have at least one memory
40 * operand (excluding implicit stack references). We assume that stack
41 * references and instruction fetches will never occur in special memory
42 * areas that require emulation. So, for example, 'mov <imm>,<reg>' need
43 * not be handled.
44 */
45
46 /* Operand sizes: 8-bit operands or specified/overridden size. */
47 #define ByteOp (1<<0) /* 8-bit operands. */
48 /* Destination operand type. */
49 #define ImplicitOps (1<<1) /* Implicit in opcode. No generic decode. */
50 #define DstReg (2<<1) /* Register operand. */
51 #define DstMem (3<<1) /* Memory operand. */
52 #define DstAcc (4<<1) /* Destination Accumulator */
53 #define DstMask (7<<1)
54 /* Source operand type. */
55 #define SrcNone (0<<4) /* No source operand. */
56 #define SrcImplicit (0<<4) /* Source operand is implicit in the opcode. */
57 #define SrcReg (1<<4) /* Register operand. */
58 #define SrcMem (2<<4) /* Memory operand. */
59 #define SrcMem16 (3<<4) /* Memory operand (16-bit). */
60 #define SrcMem32 (4<<4) /* Memory operand (32-bit). */
61 #define SrcImm (5<<4) /* Immediate operand. */
62 #define SrcImmByte (6<<4) /* 8-bit sign-extended immediate operand. */
63 #define SrcOne (7<<4) /* Implied '1' */
64 #define SrcImmUByte (8<<4) /* 8-bit unsigned immediate operand. */
65 #define SrcImmU (9<<4) /* Immediate operand, unsigned */
66 #define SrcMask (0xf<<4)
67 /* Generic ModRM decode. */
68 #define ModRM (1<<8)
69 /* Destination is only written; never read. */
70 #define Mov (1<<9)
71 #define BitOp (1<<10)
72 #define MemAbs (1<<11) /* Memory operand is absolute displacement */
73 #define String (1<<12) /* String instruction (rep capable) */
74 #define Stack (1<<13) /* Stack instruction (push/pop) */
75 #define Group (1<<14) /* Bits 3:5 of modrm byte extend opcode */
76 #define GroupDual (1<<15) /* Alternate decoding of mod == 3 */
77 #define GroupMask 0xff /* Group number stored in bits 0:7 */
78 /* Source 2 operand type */
79 #define Src2None (0<<29)
80 #define Src2CL (1<<29)
81 #define Src2ImmByte (2<<29)
82 #define Src2One (3<<29)
83 #define Src2Imm16 (4<<29)
84 #define Src2Mask (7<<29)
85
86 enum {
87 Group1_80, Group1_81, Group1_82, Group1_83,
88 Group1A, Group3_Byte, Group3, Group4, Group5, Group7,
89 };
90
91 static u32 opcode_table[256] = {
92 /* 0x00 - 0x07 */
93 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
94 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
95 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
96 /* 0x08 - 0x0F */
97 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
98 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
99 0, 0, 0, 0,
100 /* 0x10 - 0x17 */
101 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
102 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
103 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
104 /* 0x18 - 0x1F */
105 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
106 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
107 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
108 /* 0x20 - 0x27 */
109 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
110 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
111 DstAcc | SrcImmByte, DstAcc | SrcImm, 0, 0,
112 /* 0x28 - 0x2F */
113 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
114 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
115 0, 0, 0, 0,
116 /* 0x30 - 0x37 */
117 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
118 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
119 0, 0, 0, 0,
120 /* 0x38 - 0x3F */
121 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
122 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
123 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
124 0, 0,
125 /* 0x40 - 0x47 */
126 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
127 /* 0x48 - 0x4F */
128 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
129 /* 0x50 - 0x57 */
130 SrcReg | Stack, SrcReg | Stack, SrcReg | Stack, SrcReg | Stack,
131 SrcReg | Stack, SrcReg | Stack, SrcReg | Stack, SrcReg | Stack,
132 /* 0x58 - 0x5F */
133 DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
134 DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
135 /* 0x60 - 0x67 */
136 0, 0, 0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
137 0, 0, 0, 0,
138 /* 0x68 - 0x6F */
139 SrcImm | Mov | Stack, 0, SrcImmByte | Mov | Stack, 0,
140 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps, /* insb, insw/insd */
141 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps, /* outsb, outsw/outsd */
142 /* 0x70 - 0x77 */
143 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
144 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
145 /* 0x78 - 0x7F */
146 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
147 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
148 /* 0x80 - 0x87 */
149 Group | Group1_80, Group | Group1_81,
150 Group | Group1_82, Group | Group1_83,
151 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
152 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
153 /* 0x88 - 0x8F */
154 ByteOp | DstMem | SrcReg | ModRM | Mov, DstMem | SrcReg | ModRM | Mov,
155 ByteOp | DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
156 DstMem | SrcReg | ModRM | Mov, ModRM | DstReg,
157 DstReg | SrcMem | ModRM | Mov, Group | Group1A,
158 /* 0x90 - 0x97 */
159 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
160 /* 0x98 - 0x9F */
161 0, 0, SrcImm | Src2Imm16, 0,
162 ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
163 /* 0xA0 - 0xA7 */
164 ByteOp | DstReg | SrcMem | Mov | MemAbs, DstReg | SrcMem | Mov | MemAbs,
165 ByteOp | DstMem | SrcReg | Mov | MemAbs, DstMem | SrcReg | Mov | MemAbs,
166 ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
167 ByteOp | ImplicitOps | String, ImplicitOps | String,
168 /* 0xA8 - 0xAF */
169 0, 0, ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
170 ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
171 ByteOp | ImplicitOps | String, ImplicitOps | String,
172 /* 0xB0 - 0xB7 */
173 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
174 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
175 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
176 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
177 /* 0xB8 - 0xBF */
178 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
179 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
180 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
181 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
182 /* 0xC0 - 0xC7 */
183 ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImmByte | ModRM,
184 0, ImplicitOps | Stack, 0, 0,
185 ByteOp | DstMem | SrcImm | ModRM | Mov, DstMem | SrcImm | ModRM | Mov,
186 /* 0xC8 - 0xCF */
187 0, 0, 0, ImplicitOps | Stack,
188 ImplicitOps, SrcImmByte, ImplicitOps, ImplicitOps,
189 /* 0xD0 - 0xD7 */
190 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
191 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
192 0, 0, 0, 0,
193 /* 0xD8 - 0xDF */
194 0, 0, 0, 0, 0, 0, 0, 0,
195 /* 0xE0 - 0xE7 */
196 0, 0, 0, 0,
197 ByteOp | SrcImmUByte, SrcImmUByte,
198 ByteOp | SrcImmUByte, SrcImmUByte,
199 /* 0xE8 - 0xEF */
200 SrcImm | Stack, SrcImm | ImplicitOps,
201 SrcImmU | Src2Imm16, SrcImmByte | ImplicitOps,
202 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
203 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
204 /* 0xF0 - 0xF7 */
205 0, 0, 0, 0,
206 ImplicitOps, ImplicitOps, Group | Group3_Byte, Group | Group3,
207 /* 0xF8 - 0xFF */
208 ImplicitOps, 0, ImplicitOps, ImplicitOps,
209 ImplicitOps, ImplicitOps, Group | Group4, Group | Group5,
210 };
211
212 static u32 twobyte_table[256] = {
213 /* 0x00 - 0x0F */
214 0, Group | GroupDual | Group7, 0, 0, 0, ImplicitOps, ImplicitOps, 0,
215 ImplicitOps, ImplicitOps, 0, 0, 0, ImplicitOps | ModRM, 0, 0,
216 /* 0x10 - 0x1F */
217 0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0,
218 /* 0x20 - 0x2F */
219 ModRM | ImplicitOps, ModRM, ModRM | ImplicitOps, ModRM, 0, 0, 0, 0,
220 0, 0, 0, 0, 0, 0, 0, 0,
221 /* 0x30 - 0x3F */
222 ImplicitOps, 0, ImplicitOps, 0,
223 ImplicitOps, ImplicitOps, 0, 0,
224 0, 0, 0, 0, 0, 0, 0, 0,
225 /* 0x40 - 0x47 */
226 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
227 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
228 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
229 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
230 /* 0x48 - 0x4F */
231 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
232 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
233 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
234 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
235 /* 0x50 - 0x5F */
236 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
237 /* 0x60 - 0x6F */
238 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
239 /* 0x70 - 0x7F */
240 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
241 /* 0x80 - 0x8F */
242 SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
243 SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
244 /* 0x90 - 0x9F */
245 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
246 /* 0xA0 - 0xA7 */
247 0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
248 DstMem | SrcReg | Src2ImmByte | ModRM,
249 DstMem | SrcReg | Src2CL | ModRM, 0, 0,
250 /* 0xA8 - 0xAF */
251 0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
252 DstMem | SrcReg | Src2ImmByte | ModRM,
253 DstMem | SrcReg | Src2CL | ModRM,
254 ModRM, 0,
255 /* 0xB0 - 0xB7 */
256 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM, 0,
257 DstMem | SrcReg | ModRM | BitOp,
258 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
259 DstReg | SrcMem16 | ModRM | Mov,
260 /* 0xB8 - 0xBF */
261 0, 0, DstMem | SrcImmByte | ModRM, DstMem | SrcReg | ModRM | BitOp,
262 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
263 DstReg | SrcMem16 | ModRM | Mov,
264 /* 0xC0 - 0xCF */
265 0, 0, 0, DstMem | SrcReg | ModRM | Mov, 0, 0, 0, ImplicitOps | ModRM,
266 0, 0, 0, 0, 0, 0, 0, 0,
267 /* 0xD0 - 0xDF */
268 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
269 /* 0xE0 - 0xEF */
270 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 /* 0xF0 - 0xFF */
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
273 };
274
275 static u32 group_table[] = {
276 [Group1_80*8] =
277 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
278 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
279 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
280 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
281 [Group1_81*8] =
282 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
283 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
284 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
285 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
286 [Group1_82*8] =
287 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
288 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
289 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
290 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
291 [Group1_83*8] =
292 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
293 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
294 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
295 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
296 [Group1A*8] =
297 DstMem | SrcNone | ModRM | Mov | Stack, 0, 0, 0, 0, 0, 0, 0,
298 [Group3_Byte*8] =
299 ByteOp | SrcImm | DstMem | ModRM, 0,
300 ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
301 0, 0, 0, 0,
302 [Group3*8] =
303 DstMem | SrcImm | ModRM, 0,
304 DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
305 0, 0, 0, 0,
306 [Group4*8] =
307 ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
308 0, 0, 0, 0, 0, 0,
309 [Group5*8] =
310 DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
311 SrcMem | ModRM | Stack, 0,
312 SrcMem | ModRM | Stack, 0, SrcMem | ModRM | Stack, 0,
313 [Group7*8] =
314 0, 0, ModRM | SrcMem, ModRM | SrcMem,
315 SrcNone | ModRM | DstMem | Mov, 0,
316 SrcMem16 | ModRM | Mov, SrcMem | ModRM | ByteOp,
317 };
318
319 static u32 group2_table[] = {
320 [Group7*8] =
321 SrcNone | ModRM, 0, 0, SrcNone | ModRM,
322 SrcNone | ModRM | DstMem | Mov, 0,
323 SrcMem16 | ModRM | Mov, 0,
324 };
325
326 /* EFLAGS bit definitions. */
327 #define EFLG_VM (1<<17)
328 #define EFLG_RF (1<<16)
329 #define EFLG_OF (1<<11)
330 #define EFLG_DF (1<<10)
331 #define EFLG_IF (1<<9)
332 #define EFLG_SF (1<<7)
333 #define EFLG_ZF (1<<6)
334 #define EFLG_AF (1<<4)
335 #define EFLG_PF (1<<2)
336 #define EFLG_CF (1<<0)
337
338 /*
339 * Instruction emulation:
340 * Most instructions are emulated directly via a fragment of inline assembly
341 * code. This allows us to save/restore EFLAGS and thus very easily pick up
342 * any modified flags.
343 */
344
345 #if defined(CONFIG_X86_64)
346 #define _LO32 "k" /* force 32-bit operand */
347 #define _STK "%%rsp" /* stack pointer */
348 #elif defined(__i386__)
349 #define _LO32 "" /* force 32-bit operand */
350 #define _STK "%%esp" /* stack pointer */
351 #endif
352
353 /*
354 * These EFLAGS bits are restored from saved value during emulation, and
355 * any changes are written back to the saved value after emulation.
356 */
357 #define EFLAGS_MASK (EFLG_OF|EFLG_SF|EFLG_ZF|EFLG_AF|EFLG_PF|EFLG_CF)
358
359 /* Before executing instruction: restore necessary bits in EFLAGS. */
360 #define _PRE_EFLAGS(_sav, _msk, _tmp) \
361 /* EFLAGS = (_sav & _msk) | (EFLAGS & ~_msk); _sav &= ~_msk; */ \
362 "movl %"_sav",%"_LO32 _tmp"; " \
363 "push %"_tmp"; " \
364 "push %"_tmp"; " \
365 "movl %"_msk",%"_LO32 _tmp"; " \
366 "andl %"_LO32 _tmp",("_STK"); " \
367 "pushf; " \
368 "notl %"_LO32 _tmp"; " \
369 "andl %"_LO32 _tmp",("_STK"); " \
370 "andl %"_LO32 _tmp","__stringify(BITS_PER_LONG/4)"("_STK"); " \
371 "pop %"_tmp"; " \
372 "orl %"_LO32 _tmp",("_STK"); " \
373 "popf; " \
374 "pop %"_sav"; "
375
376 /* After executing instruction: write-back necessary bits in EFLAGS. */
377 #define _POST_EFLAGS(_sav, _msk, _tmp) \
378 /* _sav |= EFLAGS & _msk; */ \
379 "pushf; " \
380 "pop %"_tmp"; " \
381 "andl %"_msk",%"_LO32 _tmp"; " \
382 "orl %"_LO32 _tmp",%"_sav"; "
383
384 #ifdef CONFIG_X86_64
385 #define ON64(x) x
386 #else
387 #define ON64(x)
388 #endif
389
390 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \
391 do { \
392 __asm__ __volatile__ ( \
393 _PRE_EFLAGS("0", "4", "2") \
394 _op _suffix " %"_x"3,%1; " \
395 _POST_EFLAGS("0", "4", "2") \
396 : "=m" (_eflags), "=m" ((_dst).val), \
397 "=&r" (_tmp) \
398 : _y ((_src).val), "i" (EFLAGS_MASK)); \
399 } while (0)
400
401
402 /* Raw emulation: instruction has two explicit operands. */
403 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
404 do { \
405 unsigned long _tmp; \
406 \
407 switch ((_dst).bytes) { \
408 case 2: \
409 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \
410 break; \
411 case 4: \
412 ____emulate_2op(_op,_src,_dst,_eflags,_lx,_ly,"l"); \
413 break; \
414 case 8: \
415 ON64(____emulate_2op(_op,_src,_dst,_eflags,_qx,_qy,"q")); \
416 break; \
417 } \
418 } while (0)
419
420 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
421 do { \
422 unsigned long _tmp; \
423 switch ((_dst).bytes) { \
424 case 1: \
425 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \
426 break; \
427 default: \
428 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
429 _wx, _wy, _lx, _ly, _qx, _qy); \
430 break; \
431 } \
432 } while (0)
433
434 /* Source operand is byte-sized and may be restricted to just %cl. */
435 #define emulate_2op_SrcB(_op, _src, _dst, _eflags) \
436 __emulate_2op(_op, _src, _dst, _eflags, \
437 "b", "c", "b", "c", "b", "c", "b", "c")
438
439 /* Source operand is byte, word, long or quad sized. */
440 #define emulate_2op_SrcV(_op, _src, _dst, _eflags) \
441 __emulate_2op(_op, _src, _dst, _eflags, \
442 "b", "q", "w", "r", _LO32, "r", "", "r")
443
444 /* Source operand is word, long or quad sized. */
445 #define emulate_2op_SrcV_nobyte(_op, _src, _dst, _eflags) \
446 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
447 "w", "r", _LO32, "r", "", "r")
448
449 /* Instruction has three operands and one operand is stored in ECX register */
450 #define __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, _suffix, _type) \
451 do { \
452 unsigned long _tmp; \
453 _type _clv = (_cl).val; \
454 _type _srcv = (_src).val; \
455 _type _dstv = (_dst).val; \
456 \
457 __asm__ __volatile__ ( \
458 _PRE_EFLAGS("0", "5", "2") \
459 _op _suffix " %4,%1 \n" \
460 _POST_EFLAGS("0", "5", "2") \
461 : "=m" (_eflags), "+r" (_dstv), "=&r" (_tmp) \
462 : "c" (_clv) , "r" (_srcv), "i" (EFLAGS_MASK) \
463 ); \
464 \
465 (_cl).val = (unsigned long) _clv; \
466 (_src).val = (unsigned long) _srcv; \
467 (_dst).val = (unsigned long) _dstv; \
468 } while (0)
469
470 #define emulate_2op_cl(_op, _cl, _src, _dst, _eflags) \
471 do { \
472 switch ((_dst).bytes) { \
473 case 2: \
474 __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
475 "w", unsigned short); \
476 break; \
477 case 4: \
478 __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
479 "l", unsigned int); \
480 break; \
481 case 8: \
482 ON64(__emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
483 "q", unsigned long)); \
484 break; \
485 } \
486 } while (0)
487
488 #define __emulate_1op(_op, _dst, _eflags, _suffix) \
489 do { \
490 unsigned long _tmp; \
491 \
492 __asm__ __volatile__ ( \
493 _PRE_EFLAGS("0", "3", "2") \
494 _op _suffix " %1; " \
495 _POST_EFLAGS("0", "3", "2") \
496 : "=m" (_eflags), "+m" ((_dst).val), \
497 "=&r" (_tmp) \
498 : "i" (EFLAGS_MASK)); \
499 } while (0)
500
501 /* Instruction has only one explicit operand (no source operand). */
502 #define emulate_1op(_op, _dst, _eflags) \
503 do { \
504 switch ((_dst).bytes) { \
505 case 1: __emulate_1op(_op, _dst, _eflags, "b"); break; \
506 case 2: __emulate_1op(_op, _dst, _eflags, "w"); break; \
507 case 4: __emulate_1op(_op, _dst, _eflags, "l"); break; \
508 case 8: ON64(__emulate_1op(_op, _dst, _eflags, "q")); break; \
509 } \
510 } while (0)
511
512 /* Fetch next part of the instruction being emulated. */
513 #define insn_fetch(_type, _size, _eip) \
514 ({ unsigned long _x; \
515 rc = do_insn_fetch(ctxt, ops, (_eip), &_x, (_size)); \
516 if (rc != 0) \
517 goto done; \
518 (_eip) += (_size); \
519 (_type)_x; \
520 })
521
522 static inline unsigned long ad_mask(struct decode_cache *c)
523 {
524 return (1UL << (c->ad_bytes << 3)) - 1;
525 }
526
527 /* Access/update address held in a register, based on addressing mode. */
528 static inline unsigned long
529 address_mask(struct decode_cache *c, unsigned long reg)
530 {
531 if (c->ad_bytes == sizeof(unsigned long))
532 return reg;
533 else
534 return reg & ad_mask(c);
535 }
536
537 static inline unsigned long
538 register_address(struct decode_cache *c, unsigned long base, unsigned long reg)
539 {
540 return base + address_mask(c, reg);
541 }
542
543 static inline void
544 register_address_increment(struct decode_cache *c, unsigned long *reg, int inc)
545 {
546 if (c->ad_bytes == sizeof(unsigned long))
547 *reg += inc;
548 else
549 *reg = (*reg & ~ad_mask(c)) | ((*reg + inc) & ad_mask(c));
550 }
551
552 static inline void jmp_rel(struct decode_cache *c, int rel)
553 {
554 register_address_increment(c, &c->eip, rel);
555 }
556
557 static void set_seg_override(struct decode_cache *c, int seg)
558 {
559 c->has_seg_override = true;
560 c->seg_override = seg;
561 }
562
563 static unsigned long seg_base(struct x86_emulate_ctxt *ctxt, int seg)
564 {
565 if (ctxt->mode == X86EMUL_MODE_PROT64 && seg < VCPU_SREG_FS)
566 return 0;
567
568 return kvm_x86_ops->get_segment_base(ctxt->vcpu, seg);
569 }
570
571 static unsigned long seg_override_base(struct x86_emulate_ctxt *ctxt,
572 struct decode_cache *c)
573 {
574 if (!c->has_seg_override)
575 return 0;
576
577 return seg_base(ctxt, c->seg_override);
578 }
579
580 static unsigned long es_base(struct x86_emulate_ctxt *ctxt)
581 {
582 return seg_base(ctxt, VCPU_SREG_ES);
583 }
584
585 static unsigned long ss_base(struct x86_emulate_ctxt *ctxt)
586 {
587 return seg_base(ctxt, VCPU_SREG_SS);
588 }
589
590 static int do_fetch_insn_byte(struct x86_emulate_ctxt *ctxt,
591 struct x86_emulate_ops *ops,
592 unsigned long linear, u8 *dest)
593 {
594 struct fetch_cache *fc = &ctxt->decode.fetch;
595 int rc;
596 int size;
597
598 if (linear < fc->start || linear >= fc->end) {
599 size = min(15UL, PAGE_SIZE - offset_in_page(linear));
600 rc = ops->read_std(linear, fc->data, size, ctxt->vcpu);
601 if (rc)
602 return rc;
603 fc->start = linear;
604 fc->end = linear + size;
605 }
606 *dest = fc->data[linear - fc->start];
607 return 0;
608 }
609
610 static int do_insn_fetch(struct x86_emulate_ctxt *ctxt,
611 struct x86_emulate_ops *ops,
612 unsigned long eip, void *dest, unsigned size)
613 {
614 int rc = 0;
615
616 eip += ctxt->cs_base;
617 while (size--) {
618 rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
619 if (rc)
620 return rc;
621 }
622 return 0;
623 }
624
625 /*
626 * Given the 'reg' portion of a ModRM byte, and a register block, return a
627 * pointer into the block that addresses the relevant register.
628 * @highbyte_regs specifies whether to decode AH,CH,DH,BH.
629 */
630 static void *decode_register(u8 modrm_reg, unsigned long *regs,
631 int highbyte_regs)
632 {
633 void *p;
634
635 p = &regs[modrm_reg];
636 if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8)
637 p = (unsigned char *)&regs[modrm_reg & 3] + 1;
638 return p;
639 }
640
641 static int read_descriptor(struct x86_emulate_ctxt *ctxt,
642 struct x86_emulate_ops *ops,
643 void *ptr,
644 u16 *size, unsigned long *address, int op_bytes)
645 {
646 int rc;
647
648 if (op_bytes == 2)
649 op_bytes = 3;
650 *address = 0;
651 rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2,
652 ctxt->vcpu);
653 if (rc)
654 return rc;
655 rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes,
656 ctxt->vcpu);
657 return rc;
658 }
659
660 static int test_cc(unsigned int condition, unsigned int flags)
661 {
662 int rc = 0;
663
664 switch ((condition & 15) >> 1) {
665 case 0: /* o */
666 rc |= (flags & EFLG_OF);
667 break;
668 case 1: /* b/c/nae */
669 rc |= (flags & EFLG_CF);
670 break;
671 case 2: /* z/e */
672 rc |= (flags & EFLG_ZF);
673 break;
674 case 3: /* be/na */
675 rc |= (flags & (EFLG_CF|EFLG_ZF));
676 break;
677 case 4: /* s */
678 rc |= (flags & EFLG_SF);
679 break;
680 case 5: /* p/pe */
681 rc |= (flags & EFLG_PF);
682 break;
683 case 7: /* le/ng */
684 rc |= (flags & EFLG_ZF);
685 /* fall through */
686 case 6: /* l/nge */
687 rc |= (!(flags & EFLG_SF) != !(flags & EFLG_OF));
688 break;
689 }
690
691 /* Odd condition identifiers (lsb == 1) have inverted sense. */
692 return (!!rc ^ (condition & 1));
693 }
694
695 static void decode_register_operand(struct operand *op,
696 struct decode_cache *c,
697 int inhibit_bytereg)
698 {
699 unsigned reg = c->modrm_reg;
700 int highbyte_regs = c->rex_prefix == 0;
701
702 if (!(c->d & ModRM))
703 reg = (c->b & 7) | ((c->rex_prefix & 1) << 3);
704 op->type = OP_REG;
705 if ((c->d & ByteOp) && !inhibit_bytereg) {
706 op->ptr = decode_register(reg, c->regs, highbyte_regs);
707 op->val = *(u8 *)op->ptr;
708 op->bytes = 1;
709 } else {
710 op->ptr = decode_register(reg, c->regs, 0);
711 op->bytes = c->op_bytes;
712 switch (op->bytes) {
713 case 2:
714 op->val = *(u16 *)op->ptr;
715 break;
716 case 4:
717 op->val = *(u32 *)op->ptr;
718 break;
719 case 8:
720 op->val = *(u64 *) op->ptr;
721 break;
722 }
723 }
724 op->orig_val = op->val;
725 }
726
727 static int decode_modrm(struct x86_emulate_ctxt *ctxt,
728 struct x86_emulate_ops *ops)
729 {
730 struct decode_cache *c = &ctxt->decode;
731 u8 sib;
732 int index_reg = 0, base_reg = 0, scale;
733 int rc = 0;
734
735 if (c->rex_prefix) {
736 c->modrm_reg = (c->rex_prefix & 4) << 1; /* REX.R */
737 index_reg = (c->rex_prefix & 2) << 2; /* REX.X */
738 c->modrm_rm = base_reg = (c->rex_prefix & 1) << 3; /* REG.B */
739 }
740
741 c->modrm = insn_fetch(u8, 1, c->eip);
742 c->modrm_mod |= (c->modrm & 0xc0) >> 6;
743 c->modrm_reg |= (c->modrm & 0x38) >> 3;
744 c->modrm_rm |= (c->modrm & 0x07);
745 c->modrm_ea = 0;
746 c->use_modrm_ea = 1;
747
748 if (c->modrm_mod == 3) {
749 c->modrm_ptr = decode_register(c->modrm_rm,
750 c->regs, c->d & ByteOp);
751 c->modrm_val = *(unsigned long *)c->modrm_ptr;
752 return rc;
753 }
754
755 if (c->ad_bytes == 2) {
756 unsigned bx = c->regs[VCPU_REGS_RBX];
757 unsigned bp = c->regs[VCPU_REGS_RBP];
758 unsigned si = c->regs[VCPU_REGS_RSI];
759 unsigned di = c->regs[VCPU_REGS_RDI];
760
761 /* 16-bit ModR/M decode. */
762 switch (c->modrm_mod) {
763 case 0:
764 if (c->modrm_rm == 6)
765 c->modrm_ea += insn_fetch(u16, 2, c->eip);
766 break;
767 case 1:
768 c->modrm_ea += insn_fetch(s8, 1, c->eip);
769 break;
770 case 2:
771 c->modrm_ea += insn_fetch(u16, 2, c->eip);
772 break;
773 }
774 switch (c->modrm_rm) {
775 case 0:
776 c->modrm_ea += bx + si;
777 break;
778 case 1:
779 c->modrm_ea += bx + di;
780 break;
781 case 2:
782 c->modrm_ea += bp + si;
783 break;
784 case 3:
785 c->modrm_ea += bp + di;
786 break;
787 case 4:
788 c->modrm_ea += si;
789 break;
790 case 5:
791 c->modrm_ea += di;
792 break;
793 case 6:
794 if (c->modrm_mod != 0)
795 c->modrm_ea += bp;
796 break;
797 case 7:
798 c->modrm_ea += bx;
799 break;
800 }
801 if (c->modrm_rm == 2 || c->modrm_rm == 3 ||
802 (c->modrm_rm == 6 && c->modrm_mod != 0))
803 if (!c->has_seg_override)
804 set_seg_override(c, VCPU_SREG_SS);
805 c->modrm_ea = (u16)c->modrm_ea;
806 } else {
807 /* 32/64-bit ModR/M decode. */
808 if ((c->modrm_rm & 7) == 4) {
809 sib = insn_fetch(u8, 1, c->eip);
810 index_reg |= (sib >> 3) & 7;
811 base_reg |= sib & 7;
812 scale = sib >> 6;
813
814 if ((base_reg & 7) == 5 && c->modrm_mod == 0)
815 c->modrm_ea += insn_fetch(s32, 4, c->eip);
816 else
817 c->modrm_ea += c->regs[base_reg];
818 if (index_reg != 4)
819 c->modrm_ea += c->regs[index_reg] << scale;
820 } else if ((c->modrm_rm & 7) == 5 && c->modrm_mod == 0) {
821 if (ctxt->mode == X86EMUL_MODE_PROT64)
822 c->rip_relative = 1;
823 } else
824 c->modrm_ea += c->regs[c->modrm_rm];
825 switch (c->modrm_mod) {
826 case 0:
827 if (c->modrm_rm == 5)
828 c->modrm_ea += insn_fetch(s32, 4, c->eip);
829 break;
830 case 1:
831 c->modrm_ea += insn_fetch(s8, 1, c->eip);
832 break;
833 case 2:
834 c->modrm_ea += insn_fetch(s32, 4, c->eip);
835 break;
836 }
837 }
838 done:
839 return rc;
840 }
841
842 static int decode_abs(struct x86_emulate_ctxt *ctxt,
843 struct x86_emulate_ops *ops)
844 {
845 struct decode_cache *c = &ctxt->decode;
846 int rc = 0;
847
848 switch (c->ad_bytes) {
849 case 2:
850 c->modrm_ea = insn_fetch(u16, 2, c->eip);
851 break;
852 case 4:
853 c->modrm_ea = insn_fetch(u32, 4, c->eip);
854 break;
855 case 8:
856 c->modrm_ea = insn_fetch(u64, 8, c->eip);
857 break;
858 }
859 done:
860 return rc;
861 }
862
863 int
864 x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
865 {
866 struct decode_cache *c = &ctxt->decode;
867 int rc = 0;
868 int mode = ctxt->mode;
869 int def_op_bytes, def_ad_bytes, group;
870
871 /* Shadow copy of register state. Committed on successful emulation. */
872
873 memset(c, 0, sizeof(struct decode_cache));
874 c->eip = kvm_rip_read(ctxt->vcpu);
875 ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
876 memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
877
878 switch (mode) {
879 case X86EMUL_MODE_REAL:
880 case X86EMUL_MODE_PROT16:
881 def_op_bytes = def_ad_bytes = 2;
882 break;
883 case X86EMUL_MODE_PROT32:
884 def_op_bytes = def_ad_bytes = 4;
885 break;
886 #ifdef CONFIG_X86_64
887 case X86EMUL_MODE_PROT64:
888 def_op_bytes = 4;
889 def_ad_bytes = 8;
890 break;
891 #endif
892 default:
893 return -1;
894 }
895
896 c->op_bytes = def_op_bytes;
897 c->ad_bytes = def_ad_bytes;
898
899 /* Legacy prefixes. */
900 for (;;) {
901 switch (c->b = insn_fetch(u8, 1, c->eip)) {
902 case 0x66: /* operand-size override */
903 /* switch between 2/4 bytes */
904 c->op_bytes = def_op_bytes ^ 6;
905 break;
906 case 0x67: /* address-size override */
907 if (mode == X86EMUL_MODE_PROT64)
908 /* switch between 4/8 bytes */
909 c->ad_bytes = def_ad_bytes ^ 12;
910 else
911 /* switch between 2/4 bytes */
912 c->ad_bytes = def_ad_bytes ^ 6;
913 break;
914 case 0x26: /* ES override */
915 case 0x2e: /* CS override */
916 case 0x36: /* SS override */
917 case 0x3e: /* DS override */
918 set_seg_override(c, (c->b >> 3) & 3);
919 break;
920 case 0x64: /* FS override */
921 case 0x65: /* GS override */
922 set_seg_override(c, c->b & 7);
923 break;
924 case 0x40 ... 0x4f: /* REX */
925 if (mode != X86EMUL_MODE_PROT64)
926 goto done_prefixes;
927 c->rex_prefix = c->b;
928 continue;
929 case 0xf0: /* LOCK */
930 c->lock_prefix = 1;
931 break;
932 case 0xf2: /* REPNE/REPNZ */
933 c->rep_prefix = REPNE_PREFIX;
934 break;
935 case 0xf3: /* REP/REPE/REPZ */
936 c->rep_prefix = REPE_PREFIX;
937 break;
938 default:
939 goto done_prefixes;
940 }
941
942 /* Any legacy prefix after a REX prefix nullifies its effect. */
943
944 c->rex_prefix = 0;
945 }
946
947 done_prefixes:
948
949 /* REX prefix. */
950 if (c->rex_prefix)
951 if (c->rex_prefix & 8)
952 c->op_bytes = 8; /* REX.W */
953
954 /* Opcode byte(s). */
955 c->d = opcode_table[c->b];
956 if (c->d == 0) {
957 /* Two-byte opcode? */
958 if (c->b == 0x0f) {
959 c->twobyte = 1;
960 c->b = insn_fetch(u8, 1, c->eip);
961 c->d = twobyte_table[c->b];
962 }
963 }
964
965 if (c->d & Group) {
966 group = c->d & GroupMask;
967 c->modrm = insn_fetch(u8, 1, c->eip);
968 --c->eip;
969
970 group = (group << 3) + ((c->modrm >> 3) & 7);
971 if ((c->d & GroupDual) && (c->modrm >> 6) == 3)
972 c->d = group2_table[group];
973 else
974 c->d = group_table[group];
975 }
976
977 /* Unrecognised? */
978 if (c->d == 0) {
979 DPRINTF("Cannot emulate %02x\n", c->b);
980 return -1;
981 }
982
983 if (mode == X86EMUL_MODE_PROT64 && (c->d & Stack))
984 c->op_bytes = 8;
985
986 /* ModRM and SIB bytes. */
987 if (c->d & ModRM)
988 rc = decode_modrm(ctxt, ops);
989 else if (c->d & MemAbs)
990 rc = decode_abs(ctxt, ops);
991 if (rc)
992 goto done;
993
994 if (!c->has_seg_override)
995 set_seg_override(c, VCPU_SREG_DS);
996
997 if (!(!c->twobyte && c->b == 0x8d))
998 c->modrm_ea += seg_override_base(ctxt, c);
999
1000 if (c->ad_bytes != 8)
1001 c->modrm_ea = (u32)c->modrm_ea;
1002 /*
1003 * Decode and fetch the source operand: register, memory
1004 * or immediate.
1005 */
1006 switch (c->d & SrcMask) {
1007 case SrcNone:
1008 break;
1009 case SrcReg:
1010 decode_register_operand(&c->src, c, 0);
1011 break;
1012 case SrcMem16:
1013 c->src.bytes = 2;
1014 goto srcmem_common;
1015 case SrcMem32:
1016 c->src.bytes = 4;
1017 goto srcmem_common;
1018 case SrcMem:
1019 c->src.bytes = (c->d & ByteOp) ? 1 :
1020 c->op_bytes;
1021 /* Don't fetch the address for invlpg: it could be unmapped. */
1022 if (c->twobyte && c->b == 0x01 && c->modrm_reg == 7)
1023 break;
1024 srcmem_common:
1025 /*
1026 * For instructions with a ModR/M byte, switch to register
1027 * access if Mod = 3.
1028 */
1029 if ((c->d & ModRM) && c->modrm_mod == 3) {
1030 c->src.type = OP_REG;
1031 c->src.val = c->modrm_val;
1032 c->src.ptr = c->modrm_ptr;
1033 break;
1034 }
1035 c->src.type = OP_MEM;
1036 break;
1037 case SrcImm:
1038 case SrcImmU:
1039 c->src.type = OP_IMM;
1040 c->src.ptr = (unsigned long *)c->eip;
1041 c->src.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1042 if (c->src.bytes == 8)
1043 c->src.bytes = 4;
1044 /* NB. Immediates are sign-extended as necessary. */
1045 switch (c->src.bytes) {
1046 case 1:
1047 c->src.val = insn_fetch(s8, 1, c->eip);
1048 break;
1049 case 2:
1050 c->src.val = insn_fetch(s16, 2, c->eip);
1051 break;
1052 case 4:
1053 c->src.val = insn_fetch(s32, 4, c->eip);
1054 break;
1055 }
1056 if ((c->d & SrcMask) == SrcImmU) {
1057 switch (c->src.bytes) {
1058 case 1:
1059 c->src.val &= 0xff;
1060 break;
1061 case 2:
1062 c->src.val &= 0xffff;
1063 break;
1064 case 4:
1065 c->src.val &= 0xffffffff;
1066 break;
1067 }
1068 }
1069 break;
1070 case SrcImmByte:
1071 case SrcImmUByte:
1072 c->src.type = OP_IMM;
1073 c->src.ptr = (unsigned long *)c->eip;
1074 c->src.bytes = 1;
1075 if ((c->d & SrcMask) == SrcImmByte)
1076 c->src.val = insn_fetch(s8, 1, c->eip);
1077 else
1078 c->src.val = insn_fetch(u8, 1, c->eip);
1079 break;
1080 case SrcOne:
1081 c->src.bytes = 1;
1082 c->src.val = 1;
1083 break;
1084 }
1085
1086 /*
1087 * Decode and fetch the second source operand: register, memory
1088 * or immediate.
1089 */
1090 switch (c->d & Src2Mask) {
1091 case Src2None:
1092 break;
1093 case Src2CL:
1094 c->src2.bytes = 1;
1095 c->src2.val = c->regs[VCPU_REGS_RCX] & 0x8;
1096 break;
1097 case Src2ImmByte:
1098 c->src2.type = OP_IMM;
1099 c->src2.ptr = (unsigned long *)c->eip;
1100 c->src2.bytes = 1;
1101 c->src2.val = insn_fetch(u8, 1, c->eip);
1102 break;
1103 case Src2Imm16:
1104 c->src2.type = OP_IMM;
1105 c->src2.ptr = (unsigned long *)c->eip;
1106 c->src2.bytes = 2;
1107 c->src2.val = insn_fetch(u16, 2, c->eip);
1108 break;
1109 case Src2One:
1110 c->src2.bytes = 1;
1111 c->src2.val = 1;
1112 break;
1113 }
1114
1115 /* Decode and fetch the destination operand: register or memory. */
1116 switch (c->d & DstMask) {
1117 case ImplicitOps:
1118 /* Special instructions do their own operand decoding. */
1119 return 0;
1120 case DstReg:
1121 decode_register_operand(&c->dst, c,
1122 c->twobyte && (c->b == 0xb6 || c->b == 0xb7));
1123 break;
1124 case DstMem:
1125 if ((c->d & ModRM) && c->modrm_mod == 3) {
1126 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1127 c->dst.type = OP_REG;
1128 c->dst.val = c->dst.orig_val = c->modrm_val;
1129 c->dst.ptr = c->modrm_ptr;
1130 break;
1131 }
1132 c->dst.type = OP_MEM;
1133 break;
1134 case DstAcc:
1135 c->dst.type = OP_REG;
1136 c->dst.bytes = c->op_bytes;
1137 c->dst.ptr = &c->regs[VCPU_REGS_RAX];
1138 switch (c->op_bytes) {
1139 case 1:
1140 c->dst.val = *(u8 *)c->dst.ptr;
1141 break;
1142 case 2:
1143 c->dst.val = *(u16 *)c->dst.ptr;
1144 break;
1145 case 4:
1146 c->dst.val = *(u32 *)c->dst.ptr;
1147 break;
1148 }
1149 c->dst.orig_val = c->dst.val;
1150 break;
1151 }
1152
1153 if (c->rip_relative)
1154 c->modrm_ea += c->eip;
1155
1156 done:
1157 return (rc == X86EMUL_UNHANDLEABLE) ? -1 : 0;
1158 }
1159
1160 static inline void emulate_push(struct x86_emulate_ctxt *ctxt)
1161 {
1162 struct decode_cache *c = &ctxt->decode;
1163
1164 c->dst.type = OP_MEM;
1165 c->dst.bytes = c->op_bytes;
1166 c->dst.val = c->src.val;
1167 register_address_increment(c, &c->regs[VCPU_REGS_RSP], -c->op_bytes);
1168 c->dst.ptr = (void *) register_address(c, ss_base(ctxt),
1169 c->regs[VCPU_REGS_RSP]);
1170 }
1171
1172 static int emulate_pop(struct x86_emulate_ctxt *ctxt,
1173 struct x86_emulate_ops *ops,
1174 void *dest, int len)
1175 {
1176 struct decode_cache *c = &ctxt->decode;
1177 int rc;
1178
1179 rc = ops->read_emulated(register_address(c, ss_base(ctxt),
1180 c->regs[VCPU_REGS_RSP]),
1181 dest, len, ctxt->vcpu);
1182 if (rc != 0)
1183 return rc;
1184
1185 register_address_increment(c, &c->regs[VCPU_REGS_RSP], len);
1186 return rc;
1187 }
1188
1189 static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt,
1190 struct x86_emulate_ops *ops)
1191 {
1192 struct decode_cache *c = &ctxt->decode;
1193 int rc;
1194
1195 rc = emulate_pop(ctxt, ops, &c->dst.val, c->dst.bytes);
1196 if (rc != 0)
1197 return rc;
1198 return 0;
1199 }
1200
1201 static inline void emulate_grp2(struct x86_emulate_ctxt *ctxt)
1202 {
1203 struct decode_cache *c = &ctxt->decode;
1204 switch (c->modrm_reg) {
1205 case 0: /* rol */
1206 emulate_2op_SrcB("rol", c->src, c->dst, ctxt->eflags);
1207 break;
1208 case 1: /* ror */
1209 emulate_2op_SrcB("ror", c->src, c->dst, ctxt->eflags);
1210 break;
1211 case 2: /* rcl */
1212 emulate_2op_SrcB("rcl", c->src, c->dst, ctxt->eflags);
1213 break;
1214 case 3: /* rcr */
1215 emulate_2op_SrcB("rcr", c->src, c->dst, ctxt->eflags);
1216 break;
1217 case 4: /* sal/shl */
1218 case 6: /* sal/shl */
1219 emulate_2op_SrcB("sal", c->src, c->dst, ctxt->eflags);
1220 break;
1221 case 5: /* shr */
1222 emulate_2op_SrcB("shr", c->src, c->dst, ctxt->eflags);
1223 break;
1224 case 7: /* sar */
1225 emulate_2op_SrcB("sar", c->src, c->dst, ctxt->eflags);
1226 break;
1227 }
1228 }
1229
1230 static inline int emulate_grp3(struct x86_emulate_ctxt *ctxt,
1231 struct x86_emulate_ops *ops)
1232 {
1233 struct decode_cache *c = &ctxt->decode;
1234 int rc = 0;
1235
1236 switch (c->modrm_reg) {
1237 case 0 ... 1: /* test */
1238 emulate_2op_SrcV("test", c->src, c->dst, ctxt->eflags);
1239 break;
1240 case 2: /* not */
1241 c->dst.val = ~c->dst.val;
1242 break;
1243 case 3: /* neg */
1244 emulate_1op("neg", c->dst, ctxt->eflags);
1245 break;
1246 default:
1247 DPRINTF("Cannot emulate %02x\n", c->b);
1248 rc = X86EMUL_UNHANDLEABLE;
1249 break;
1250 }
1251 return rc;
1252 }
1253
1254 static inline int emulate_grp45(struct x86_emulate_ctxt *ctxt,
1255 struct x86_emulate_ops *ops)
1256 {
1257 struct decode_cache *c = &ctxt->decode;
1258
1259 switch (c->modrm_reg) {
1260 case 0: /* inc */
1261 emulate_1op("inc", c->dst, ctxt->eflags);
1262 break;
1263 case 1: /* dec */
1264 emulate_1op("dec", c->dst, ctxt->eflags);
1265 break;
1266 case 2: /* call near abs */ {
1267 long int old_eip;
1268 old_eip = c->eip;
1269 c->eip = c->src.val;
1270 c->src.val = old_eip;
1271 emulate_push(ctxt);
1272 break;
1273 }
1274 case 4: /* jmp abs */
1275 c->eip = c->src.val;
1276 break;
1277 case 6: /* push */
1278 emulate_push(ctxt);
1279 break;
1280 }
1281 return 0;
1282 }
1283
1284 static inline int emulate_grp9(struct x86_emulate_ctxt *ctxt,
1285 struct x86_emulate_ops *ops,
1286 unsigned long memop)
1287 {
1288 struct decode_cache *c = &ctxt->decode;
1289 u64 old, new;
1290 int rc;
1291
1292 rc = ops->read_emulated(memop, &old, 8, ctxt->vcpu);
1293 if (rc != 0)
1294 return rc;
1295
1296 if (((u32) (old >> 0) != (u32) c->regs[VCPU_REGS_RAX]) ||
1297 ((u32) (old >> 32) != (u32) c->regs[VCPU_REGS_RDX])) {
1298
1299 c->regs[VCPU_REGS_RAX] = (u32) (old >> 0);
1300 c->regs[VCPU_REGS_RDX] = (u32) (old >> 32);
1301 ctxt->eflags &= ~EFLG_ZF;
1302
1303 } else {
1304 new = ((u64)c->regs[VCPU_REGS_RCX] << 32) |
1305 (u32) c->regs[VCPU_REGS_RBX];
1306
1307 rc = ops->cmpxchg_emulated(memop, &old, &new, 8, ctxt->vcpu);
1308 if (rc != 0)
1309 return rc;
1310 ctxt->eflags |= EFLG_ZF;
1311 }
1312 return 0;
1313 }
1314
1315 static int emulate_ret_far(struct x86_emulate_ctxt *ctxt,
1316 struct x86_emulate_ops *ops)
1317 {
1318 struct decode_cache *c = &ctxt->decode;
1319 int rc;
1320 unsigned long cs;
1321
1322 rc = emulate_pop(ctxt, ops, &c->eip, c->op_bytes);
1323 if (rc)
1324 return rc;
1325 if (c->op_bytes == 4)
1326 c->eip = (u32)c->eip;
1327 rc = emulate_pop(ctxt, ops, &cs, c->op_bytes);
1328 if (rc)
1329 return rc;
1330 rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)cs, 1, VCPU_SREG_CS);
1331 return rc;
1332 }
1333
1334 static inline int writeback(struct x86_emulate_ctxt *ctxt,
1335 struct x86_emulate_ops *ops)
1336 {
1337 int rc;
1338 struct decode_cache *c = &ctxt->decode;
1339
1340 switch (c->dst.type) {
1341 case OP_REG:
1342 /* The 4-byte case *is* correct:
1343 * in 64-bit mode we zero-extend.
1344 */
1345 switch (c->dst.bytes) {
1346 case 1:
1347 *(u8 *)c->dst.ptr = (u8)c->dst.val;
1348 break;
1349 case 2:
1350 *(u16 *)c->dst.ptr = (u16)c->dst.val;
1351 break;
1352 case 4:
1353 *c->dst.ptr = (u32)c->dst.val;
1354 break; /* 64b: zero-ext */
1355 case 8:
1356 *c->dst.ptr = c->dst.val;
1357 break;
1358 }
1359 break;
1360 case OP_MEM:
1361 if (c->lock_prefix)
1362 rc = ops->cmpxchg_emulated(
1363 (unsigned long)c->dst.ptr,
1364 &c->dst.orig_val,
1365 &c->dst.val,
1366 c->dst.bytes,
1367 ctxt->vcpu);
1368 else
1369 rc = ops->write_emulated(
1370 (unsigned long)c->dst.ptr,
1371 &c->dst.val,
1372 c->dst.bytes,
1373 ctxt->vcpu);
1374 if (rc != 0)
1375 return rc;
1376 break;
1377 case OP_NONE:
1378 /* no writeback */
1379 break;
1380 default:
1381 break;
1382 }
1383 return 0;
1384 }
1385
1386 static void toggle_interruptibility(struct x86_emulate_ctxt *ctxt, u32 mask)
1387 {
1388 u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(ctxt->vcpu, mask);
1389 /*
1390 * an sti; sti; sequence only disable interrupts for the first
1391 * instruction. So, if the last instruction, be it emulated or
1392 * not, left the system with the INT_STI flag enabled, it
1393 * means that the last instruction is an sti. We should not
1394 * leave the flag on in this case. The same goes for mov ss
1395 */
1396 if (!(int_shadow & mask))
1397 ctxt->interruptibility = mask;
1398 }
1399
1400 static inline void
1401 setup_syscalls_segments(struct x86_emulate_ctxt *ctxt,
1402 struct kvm_segment *cs, struct kvm_segment *ss)
1403 {
1404 memset(cs, 0, sizeof(struct kvm_segment));
1405 kvm_x86_ops->get_segment(ctxt->vcpu, cs, VCPU_SREG_CS);
1406 memset(ss, 0, sizeof(struct kvm_segment));
1407
1408 cs->l = 0; /* will be adjusted later */
1409 cs->base = 0; /* flat segment */
1410 cs->g = 1; /* 4kb granularity */
1411 cs->limit = 0xffffffff; /* 4GB limit */
1412 cs->type = 0x0b; /* Read, Execute, Accessed */
1413 cs->s = 1;
1414 cs->dpl = 0; /* will be adjusted later */
1415 cs->present = 1;
1416 cs->db = 1;
1417
1418 ss->unusable = 0;
1419 ss->base = 0; /* flat segment */
1420 ss->limit = 0xffffffff; /* 4GB limit */
1421 ss->g = 1; /* 4kb granularity */
1422 ss->s = 1;
1423 ss->type = 0x03; /* Read/Write, Accessed */
1424 ss->db = 1; /* 32bit stack segment */
1425 ss->dpl = 0;
1426 ss->present = 1;
1427 }
1428
1429 static int
1430 emulate_syscall(struct x86_emulate_ctxt *ctxt)
1431 {
1432 struct decode_cache *c = &ctxt->decode;
1433 struct kvm_segment cs, ss;
1434 u64 msr_data;
1435
1436 /* syscall is not available in real mode */
1437 if (c->lock_prefix || ctxt->mode == X86EMUL_MODE_REAL
1438 || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE))
1439 return -1;
1440
1441 setup_syscalls_segments(ctxt, &cs, &ss);
1442
1443 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data);
1444 msr_data >>= 32;
1445 cs.selector = (u16)(msr_data & 0xfffc);
1446 ss.selector = (u16)(msr_data + 8);
1447
1448 if (is_long_mode(ctxt->vcpu)) {
1449 cs.db = 0;
1450 cs.l = 1;
1451 }
1452 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1453 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1454
1455 c->regs[VCPU_REGS_RCX] = c->eip;
1456 if (is_long_mode(ctxt->vcpu)) {
1457 #ifdef CONFIG_X86_64
1458 c->regs[VCPU_REGS_R11] = ctxt->eflags & ~EFLG_RF;
1459
1460 kvm_x86_ops->get_msr(ctxt->vcpu,
1461 ctxt->mode == X86EMUL_MODE_PROT64 ?
1462 MSR_LSTAR : MSR_CSTAR, &msr_data);
1463 c->eip = msr_data;
1464
1465 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_SYSCALL_MASK, &msr_data);
1466 ctxt->eflags &= ~(msr_data | EFLG_RF);
1467 #endif
1468 } else {
1469 /* legacy mode */
1470 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data);
1471 c->eip = (u32)msr_data;
1472
1473 ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
1474 }
1475
1476 return 0;
1477 }
1478
1479 static int
1480 emulate_sysenter(struct x86_emulate_ctxt *ctxt)
1481 {
1482 struct decode_cache *c = &ctxt->decode;
1483 struct kvm_segment cs, ss;
1484 u64 msr_data;
1485
1486 /* inject #UD if LOCK prefix is used */
1487 if (c->lock_prefix)
1488 return -1;
1489
1490 /* inject #GP if in real mode or paging is disabled */
1491 if (ctxt->mode == X86EMUL_MODE_REAL ||
1492 !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) {
1493 kvm_inject_gp(ctxt->vcpu, 0);
1494 return -1;
1495 }
1496
1497 /* XXX sysenter/sysexit have not been tested in 64bit mode.
1498 * Therefore, we inject an #UD.
1499 */
1500 if (ctxt->mode == X86EMUL_MODE_PROT64)
1501 return -1;
1502
1503 setup_syscalls_segments(ctxt, &cs, &ss);
1504
1505 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_CS, &msr_data);
1506 switch (ctxt->mode) {
1507 case X86EMUL_MODE_PROT32:
1508 if ((msr_data & 0xfffc) == 0x0) {
1509 kvm_inject_gp(ctxt->vcpu, 0);
1510 return -1;
1511 }
1512 break;
1513 case X86EMUL_MODE_PROT64:
1514 if (msr_data == 0x0) {
1515 kvm_inject_gp(ctxt->vcpu, 0);
1516 return -1;
1517 }
1518 break;
1519 }
1520
1521 ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
1522 cs.selector = (u16)msr_data;
1523 cs.selector &= ~SELECTOR_RPL_MASK;
1524 ss.selector = cs.selector + 8;
1525 ss.selector &= ~SELECTOR_RPL_MASK;
1526 if (ctxt->mode == X86EMUL_MODE_PROT64
1527 || is_long_mode(ctxt->vcpu)) {
1528 cs.db = 0;
1529 cs.l = 1;
1530 }
1531
1532 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1533 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1534
1535 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_EIP, &msr_data);
1536 c->eip = msr_data;
1537
1538 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_ESP, &msr_data);
1539 c->regs[VCPU_REGS_RSP] = msr_data;
1540
1541 return 0;
1542 }
1543
1544 static int
1545 emulate_sysexit(struct x86_emulate_ctxt *ctxt)
1546 {
1547 struct decode_cache *c = &ctxt->decode;
1548 struct kvm_segment cs, ss;
1549 u64 msr_data;
1550 int usermode;
1551
1552 /* inject #UD if LOCK prefix is used */
1553 if (c->lock_prefix)
1554 return -1;
1555
1556 /* inject #GP if in real mode or paging is disabled */
1557 if (ctxt->mode == X86EMUL_MODE_REAL
1558 || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) {
1559 kvm_inject_gp(ctxt->vcpu, 0);
1560 return -1;
1561 }
1562
1563 /* sysexit must be called from CPL 0 */
1564 if (kvm_x86_ops->get_cpl(ctxt->vcpu) != 0) {
1565 kvm_inject_gp(ctxt->vcpu, 0);
1566 return -1;
1567 }
1568
1569 setup_syscalls_segments(ctxt, &cs, &ss);
1570
1571 if ((c->rex_prefix & 0x8) != 0x0)
1572 usermode = X86EMUL_MODE_PROT64;
1573 else
1574 usermode = X86EMUL_MODE_PROT32;
1575
1576 cs.dpl = 3;
1577 ss.dpl = 3;
1578 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_CS, &msr_data);
1579 switch (usermode) {
1580 case X86EMUL_MODE_PROT32:
1581 cs.selector = (u16)(msr_data + 16);
1582 if ((msr_data & 0xfffc) == 0x0) {
1583 kvm_inject_gp(ctxt->vcpu, 0);
1584 return -1;
1585 }
1586 ss.selector = (u16)(msr_data + 24);
1587 break;
1588 case X86EMUL_MODE_PROT64:
1589 cs.selector = (u16)(msr_data + 32);
1590 if (msr_data == 0x0) {
1591 kvm_inject_gp(ctxt->vcpu, 0);
1592 return -1;
1593 }
1594 ss.selector = cs.selector + 8;
1595 cs.db = 0;
1596 cs.l = 1;
1597 break;
1598 }
1599 cs.selector |= SELECTOR_RPL_MASK;
1600 ss.selector |= SELECTOR_RPL_MASK;
1601
1602 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1603 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1604
1605 c->eip = ctxt->vcpu->arch.regs[VCPU_REGS_RDX];
1606 c->regs[VCPU_REGS_RSP] = ctxt->vcpu->arch.regs[VCPU_REGS_RCX];
1607
1608 return 0;
1609 }
1610
1611 int
1612 x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
1613 {
1614 unsigned long memop = 0;
1615 u64 msr_data;
1616 unsigned long saved_eip = 0;
1617 struct decode_cache *c = &ctxt->decode;
1618 unsigned int port;
1619 int io_dir_in;
1620 int rc = 0;
1621
1622 ctxt->interruptibility = 0;
1623
1624 /* Shadow copy of register state. Committed on successful emulation.
1625 * NOTE: we can copy them from vcpu as x86_decode_insn() doesn't
1626 * modify them.
1627 */
1628
1629 memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
1630 saved_eip = c->eip;
1631
1632 if (((c->d & ModRM) && (c->modrm_mod != 3)) || (c->d & MemAbs))
1633 memop = c->modrm_ea;
1634
1635 if (c->rep_prefix && (c->d & String)) {
1636 /* All REP prefixes have the same first termination condition */
1637 if (c->regs[VCPU_REGS_RCX] == 0) {
1638 kvm_rip_write(ctxt->vcpu, c->eip);
1639 goto done;
1640 }
1641 /* The second termination condition only applies for REPE
1642 * and REPNE. Test if the repeat string operation prefix is
1643 * REPE/REPZ or REPNE/REPNZ and if it's the case it tests the
1644 * corresponding termination condition according to:
1645 * - if REPE/REPZ and ZF = 0 then done
1646 * - if REPNE/REPNZ and ZF = 1 then done
1647 */
1648 if ((c->b == 0xa6) || (c->b == 0xa7) ||
1649 (c->b == 0xae) || (c->b == 0xaf)) {
1650 if ((c->rep_prefix == REPE_PREFIX) &&
1651 ((ctxt->eflags & EFLG_ZF) == 0)) {
1652 kvm_rip_write(ctxt->vcpu, c->eip);
1653 goto done;
1654 }
1655 if ((c->rep_prefix == REPNE_PREFIX) &&
1656 ((ctxt->eflags & EFLG_ZF) == EFLG_ZF)) {
1657 kvm_rip_write(ctxt->vcpu, c->eip);
1658 goto done;
1659 }
1660 }
1661 c->regs[VCPU_REGS_RCX]--;
1662 c->eip = kvm_rip_read(ctxt->vcpu);
1663 }
1664
1665 if (c->src.type == OP_MEM) {
1666 c->src.ptr = (unsigned long *)memop;
1667 c->src.val = 0;
1668 rc = ops->read_emulated((unsigned long)c->src.ptr,
1669 &c->src.val,
1670 c->src.bytes,
1671 ctxt->vcpu);
1672 if (rc != 0)
1673 goto done;
1674 c->src.orig_val = c->src.val;
1675 }
1676
1677 if ((c->d & DstMask) == ImplicitOps)
1678 goto special_insn;
1679
1680
1681 if (c->dst.type == OP_MEM) {
1682 c->dst.ptr = (unsigned long *)memop;
1683 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1684 c->dst.val = 0;
1685 if (c->d & BitOp) {
1686 unsigned long mask = ~(c->dst.bytes * 8 - 1);
1687
1688 c->dst.ptr = (void *)c->dst.ptr +
1689 (c->src.val & mask) / 8;
1690 }
1691 if (!(c->d & Mov) &&
1692 /* optimisation - avoid slow emulated read */
1693 ((rc = ops->read_emulated((unsigned long)c->dst.ptr,
1694 &c->dst.val,
1695 c->dst.bytes, ctxt->vcpu)) != 0))
1696 goto done;
1697 }
1698 c->dst.orig_val = c->dst.val;
1699
1700 special_insn:
1701
1702 if (c->twobyte)
1703 goto twobyte_insn;
1704
1705 switch (c->b) {
1706 case 0x00 ... 0x05:
1707 add: /* add */
1708 emulate_2op_SrcV("add", c->src, c->dst, ctxt->eflags);
1709 break;
1710 case 0x08 ... 0x0d:
1711 or: /* or */
1712 emulate_2op_SrcV("or", c->src, c->dst, ctxt->eflags);
1713 break;
1714 case 0x10 ... 0x15:
1715 adc: /* adc */
1716 emulate_2op_SrcV("adc", c->src, c->dst, ctxt->eflags);
1717 break;
1718 case 0x18 ... 0x1d:
1719 sbb: /* sbb */
1720 emulate_2op_SrcV("sbb", c->src, c->dst, ctxt->eflags);
1721 break;
1722 case 0x20 ... 0x25:
1723 and: /* and */
1724 emulate_2op_SrcV("and", c->src, c->dst, ctxt->eflags);
1725 break;
1726 case 0x28 ... 0x2d:
1727 sub: /* sub */
1728 emulate_2op_SrcV("sub", c->src, c->dst, ctxt->eflags);
1729 break;
1730 case 0x30 ... 0x35:
1731 xor: /* xor */
1732 emulate_2op_SrcV("xor", c->src, c->dst, ctxt->eflags);
1733 break;
1734 case 0x38 ... 0x3d:
1735 cmp: /* cmp */
1736 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
1737 break;
1738 case 0x40 ... 0x47: /* inc r16/r32 */
1739 emulate_1op("inc", c->dst, ctxt->eflags);
1740 break;
1741 case 0x48 ... 0x4f: /* dec r16/r32 */
1742 emulate_1op("dec", c->dst, ctxt->eflags);
1743 break;
1744 case 0x50 ... 0x57: /* push reg */
1745 emulate_push(ctxt);
1746 break;
1747 case 0x58 ... 0x5f: /* pop reg */
1748 pop_instruction:
1749 rc = emulate_pop(ctxt, ops, &c->dst.val, c->op_bytes);
1750 if (rc != 0)
1751 goto done;
1752 break;
1753 case 0x63: /* movsxd */
1754 if (ctxt->mode != X86EMUL_MODE_PROT64)
1755 goto cannot_emulate;
1756 c->dst.val = (s32) c->src.val;
1757 break;
1758 case 0x68: /* push imm */
1759 case 0x6a: /* push imm8 */
1760 emulate_push(ctxt);
1761 break;
1762 case 0x6c: /* insb */
1763 case 0x6d: /* insw/insd */
1764 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
1765 1,
1766 (c->d & ByteOp) ? 1 : c->op_bytes,
1767 c->rep_prefix ?
1768 address_mask(c, c->regs[VCPU_REGS_RCX]) : 1,
1769 (ctxt->eflags & EFLG_DF),
1770 register_address(c, es_base(ctxt),
1771 c->regs[VCPU_REGS_RDI]),
1772 c->rep_prefix,
1773 c->regs[VCPU_REGS_RDX]) == 0) {
1774 c->eip = saved_eip;
1775 return -1;
1776 }
1777 return 0;
1778 case 0x6e: /* outsb */
1779 case 0x6f: /* outsw/outsd */
1780 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
1781 0,
1782 (c->d & ByteOp) ? 1 : c->op_bytes,
1783 c->rep_prefix ?
1784 address_mask(c, c->regs[VCPU_REGS_RCX]) : 1,
1785 (ctxt->eflags & EFLG_DF),
1786 register_address(c,
1787 seg_override_base(ctxt, c),
1788 c->regs[VCPU_REGS_RSI]),
1789 c->rep_prefix,
1790 c->regs[VCPU_REGS_RDX]) == 0) {
1791 c->eip = saved_eip;
1792 return -1;
1793 }
1794 return 0;
1795 case 0x70 ... 0x7f: /* jcc (short) */
1796 if (test_cc(c->b, ctxt->eflags))
1797 jmp_rel(c, c->src.val);
1798 break;
1799 case 0x80 ... 0x83: /* Grp1 */
1800 switch (c->modrm_reg) {
1801 case 0:
1802 goto add;
1803 case 1:
1804 goto or;
1805 case 2:
1806 goto adc;
1807 case 3:
1808 goto sbb;
1809 case 4:
1810 goto and;
1811 case 5:
1812 goto sub;
1813 case 6:
1814 goto xor;
1815 case 7:
1816 goto cmp;
1817 }
1818 break;
1819 case 0x84 ... 0x85:
1820 emulate_2op_SrcV("test", c->src, c->dst, ctxt->eflags);
1821 break;
1822 case 0x86 ... 0x87: /* xchg */
1823 xchg:
1824 /* Write back the register source. */
1825 switch (c->dst.bytes) {
1826 case 1:
1827 *(u8 *) c->src.ptr = (u8) c->dst.val;
1828 break;
1829 case 2:
1830 *(u16 *) c->src.ptr = (u16) c->dst.val;
1831 break;
1832 case 4:
1833 *c->src.ptr = (u32) c->dst.val;
1834 break; /* 64b reg: zero-extend */
1835 case 8:
1836 *c->src.ptr = c->dst.val;
1837 break;
1838 }
1839 /*
1840 * Write back the memory destination with implicit LOCK
1841 * prefix.
1842 */
1843 c->dst.val = c->src.val;
1844 c->lock_prefix = 1;
1845 break;
1846 case 0x88 ... 0x8b: /* mov */
1847 goto mov;
1848 case 0x8c: { /* mov r/m, sreg */
1849 struct kvm_segment segreg;
1850
1851 if (c->modrm_reg <= 5)
1852 kvm_get_segment(ctxt->vcpu, &segreg, c->modrm_reg);
1853 else {
1854 printk(KERN_INFO "0x8c: Invalid segreg in modrm byte 0x%02x\n",
1855 c->modrm);
1856 goto cannot_emulate;
1857 }
1858 c->dst.val = segreg.selector;
1859 break;
1860 }
1861 case 0x8d: /* lea r16/r32, m */
1862 c->dst.val = c->modrm_ea;
1863 break;
1864 case 0x8e: { /* mov seg, r/m16 */
1865 uint16_t sel;
1866 int type_bits;
1867 int err;
1868
1869 sel = c->src.val;
1870 if (c->modrm_reg == VCPU_SREG_SS)
1871 toggle_interruptibility(ctxt, X86_SHADOW_INT_MOV_SS);
1872
1873 if (c->modrm_reg <= 5) {
1874 type_bits = (c->modrm_reg == 1) ? 9 : 1;
1875 err = kvm_load_segment_descriptor(ctxt->vcpu, sel,
1876 type_bits, c->modrm_reg);
1877 } else {
1878 printk(KERN_INFO "Invalid segreg in modrm byte 0x%02x\n",
1879 c->modrm);
1880 goto cannot_emulate;
1881 }
1882
1883 if (err < 0)
1884 goto cannot_emulate;
1885
1886 c->dst.type = OP_NONE; /* Disable writeback. */
1887 break;
1888 }
1889 case 0x8f: /* pop (sole member of Grp1a) */
1890 rc = emulate_grp1a(ctxt, ops);
1891 if (rc != 0)
1892 goto done;
1893 break;
1894 case 0x90: /* nop / xchg r8,rax */
1895 if (!(c->rex_prefix & 1)) { /* nop */
1896 c->dst.type = OP_NONE;
1897 break;
1898 }
1899 case 0x91 ... 0x97: /* xchg reg,rax */
1900 c->src.type = c->dst.type = OP_REG;
1901 c->src.bytes = c->dst.bytes = c->op_bytes;
1902 c->src.ptr = (unsigned long *) &c->regs[VCPU_REGS_RAX];
1903 c->src.val = *(c->src.ptr);
1904 goto xchg;
1905 case 0x9c: /* pushf */
1906 c->src.val = (unsigned long) ctxt->eflags;
1907 emulate_push(ctxt);
1908 break;
1909 case 0x9d: /* popf */
1910 c->dst.type = OP_REG;
1911 c->dst.ptr = (unsigned long *) &ctxt->eflags;
1912 c->dst.bytes = c->op_bytes;
1913 goto pop_instruction;
1914 case 0xa0 ... 0xa1: /* mov */
1915 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
1916 c->dst.val = c->src.val;
1917 break;
1918 case 0xa2 ... 0xa3: /* mov */
1919 c->dst.val = (unsigned long)c->regs[VCPU_REGS_RAX];
1920 break;
1921 case 0xa4 ... 0xa5: /* movs */
1922 c->dst.type = OP_MEM;
1923 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1924 c->dst.ptr = (unsigned long *)register_address(c,
1925 es_base(ctxt),
1926 c->regs[VCPU_REGS_RDI]);
1927 if ((rc = ops->read_emulated(register_address(c,
1928 seg_override_base(ctxt, c),
1929 c->regs[VCPU_REGS_RSI]),
1930 &c->dst.val,
1931 c->dst.bytes, ctxt->vcpu)) != 0)
1932 goto done;
1933 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
1934 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1935 : c->dst.bytes);
1936 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
1937 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1938 : c->dst.bytes);
1939 break;
1940 case 0xa6 ... 0xa7: /* cmps */
1941 c->src.type = OP_NONE; /* Disable writeback. */
1942 c->src.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1943 c->src.ptr = (unsigned long *)register_address(c,
1944 seg_override_base(ctxt, c),
1945 c->regs[VCPU_REGS_RSI]);
1946 if ((rc = ops->read_emulated((unsigned long)c->src.ptr,
1947 &c->src.val,
1948 c->src.bytes,
1949 ctxt->vcpu)) != 0)
1950 goto done;
1951
1952 c->dst.type = OP_NONE; /* Disable writeback. */
1953 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1954 c->dst.ptr = (unsigned long *)register_address(c,
1955 es_base(ctxt),
1956 c->regs[VCPU_REGS_RDI]);
1957 if ((rc = ops->read_emulated((unsigned long)c->dst.ptr,
1958 &c->dst.val,
1959 c->dst.bytes,
1960 ctxt->vcpu)) != 0)
1961 goto done;
1962
1963 DPRINTF("cmps: mem1=0x%p mem2=0x%p\n", c->src.ptr, c->dst.ptr);
1964
1965 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
1966
1967 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
1968 (ctxt->eflags & EFLG_DF) ? -c->src.bytes
1969 : c->src.bytes);
1970 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
1971 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1972 : c->dst.bytes);
1973
1974 break;
1975 case 0xaa ... 0xab: /* stos */
1976 c->dst.type = OP_MEM;
1977 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1978 c->dst.ptr = (unsigned long *)register_address(c,
1979 es_base(ctxt),
1980 c->regs[VCPU_REGS_RDI]);
1981 c->dst.val = c->regs[VCPU_REGS_RAX];
1982 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
1983 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1984 : c->dst.bytes);
1985 break;
1986 case 0xac ... 0xad: /* lods */
1987 c->dst.type = OP_REG;
1988 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1989 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
1990 if ((rc = ops->read_emulated(register_address(c,
1991 seg_override_base(ctxt, c),
1992 c->regs[VCPU_REGS_RSI]),
1993 &c->dst.val,
1994 c->dst.bytes,
1995 ctxt->vcpu)) != 0)
1996 goto done;
1997 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
1998 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1999 : c->dst.bytes);
2000 break;
2001 case 0xae ... 0xaf: /* scas */
2002 DPRINTF("Urk! I don't handle SCAS.\n");
2003 goto cannot_emulate;
2004 case 0xb0 ... 0xbf: /* mov r, imm */
2005 goto mov;
2006 case 0xc0 ... 0xc1:
2007 emulate_grp2(ctxt);
2008 break;
2009 case 0xc3: /* ret */
2010 c->dst.type = OP_REG;
2011 c->dst.ptr = &c->eip;
2012 c->dst.bytes = c->op_bytes;
2013 goto pop_instruction;
2014 case 0xc6 ... 0xc7: /* mov (sole member of Grp11) */
2015 mov:
2016 c->dst.val = c->src.val;
2017 break;
2018 case 0xcb: /* ret far */
2019 rc = emulate_ret_far(ctxt, ops);
2020 if (rc)
2021 goto done;
2022 break;
2023 case 0xd0 ... 0xd1: /* Grp2 */
2024 c->src.val = 1;
2025 emulate_grp2(ctxt);
2026 break;
2027 case 0xd2 ... 0xd3: /* Grp2 */
2028 c->src.val = c->regs[VCPU_REGS_RCX];
2029 emulate_grp2(ctxt);
2030 break;
2031 case 0xe4: /* inb */
2032 case 0xe5: /* in */
2033 port = c->src.val;
2034 io_dir_in = 1;
2035 goto do_io;
2036 case 0xe6: /* outb */
2037 case 0xe7: /* out */
2038 port = c->src.val;
2039 io_dir_in = 0;
2040 goto do_io;
2041 case 0xe8: /* call (near) */ {
2042 long int rel = c->src.val;
2043 c->src.val = (unsigned long) c->eip;
2044 jmp_rel(c, rel);
2045 emulate_push(ctxt);
2046 break;
2047 }
2048 case 0xe9: /* jmp rel */
2049 goto jmp;
2050 case 0xea: /* jmp far */
2051 if (kvm_load_segment_descriptor(ctxt->vcpu, c->src2.val, 9,
2052 VCPU_SREG_CS) < 0) {
2053 DPRINTF("jmp far: Failed to load CS descriptor\n");
2054 goto cannot_emulate;
2055 }
2056
2057 c->eip = c->src.val;
2058 break;
2059 case 0xeb:
2060 jmp: /* jmp rel short */
2061 jmp_rel(c, c->src.val);
2062 c->dst.type = OP_NONE; /* Disable writeback. */
2063 break;
2064 case 0xec: /* in al,dx */
2065 case 0xed: /* in (e/r)ax,dx */
2066 port = c->regs[VCPU_REGS_RDX];
2067 io_dir_in = 1;
2068 goto do_io;
2069 case 0xee: /* out al,dx */
2070 case 0xef: /* out (e/r)ax,dx */
2071 port = c->regs[VCPU_REGS_RDX];
2072 io_dir_in = 0;
2073 do_io: if (kvm_emulate_pio(ctxt->vcpu, NULL, io_dir_in,
2074 (c->d & ByteOp) ? 1 : c->op_bytes,
2075 port) != 0) {
2076 c->eip = saved_eip;
2077 goto cannot_emulate;
2078 }
2079 break;
2080 case 0xf4: /* hlt */
2081 ctxt->vcpu->arch.halt_request = 1;
2082 break;
2083 case 0xf5: /* cmc */
2084 /* complement carry flag from eflags reg */
2085 ctxt->eflags ^= EFLG_CF;
2086 c->dst.type = OP_NONE; /* Disable writeback. */
2087 break;
2088 case 0xf6 ... 0xf7: /* Grp3 */
2089 rc = emulate_grp3(ctxt, ops);
2090 if (rc != 0)
2091 goto done;
2092 break;
2093 case 0xf8: /* clc */
2094 ctxt->eflags &= ~EFLG_CF;
2095 c->dst.type = OP_NONE; /* Disable writeback. */
2096 break;
2097 case 0xfa: /* cli */
2098 ctxt->eflags &= ~X86_EFLAGS_IF;
2099 c->dst.type = OP_NONE; /* Disable writeback. */
2100 break;
2101 case 0xfb: /* sti */
2102 toggle_interruptibility(ctxt, X86_SHADOW_INT_STI);
2103 ctxt->eflags |= X86_EFLAGS_IF;
2104 c->dst.type = OP_NONE; /* Disable writeback. */
2105 break;
2106 case 0xfc: /* cld */
2107 ctxt->eflags &= ~EFLG_DF;
2108 c->dst.type = OP_NONE; /* Disable writeback. */
2109 break;
2110 case 0xfd: /* std */
2111 ctxt->eflags |= EFLG_DF;
2112 c->dst.type = OP_NONE; /* Disable writeback. */
2113 break;
2114 case 0xfe ... 0xff: /* Grp4/Grp5 */
2115 rc = emulate_grp45(ctxt, ops);
2116 if (rc != 0)
2117 goto done;
2118 break;
2119 }
2120
2121 writeback:
2122 rc = writeback(ctxt, ops);
2123 if (rc != 0)
2124 goto done;
2125
2126 /* Commit shadow register state. */
2127 memcpy(ctxt->vcpu->arch.regs, c->regs, sizeof c->regs);
2128 kvm_rip_write(ctxt->vcpu, c->eip);
2129
2130 done:
2131 if (rc == X86EMUL_UNHANDLEABLE) {
2132 c->eip = saved_eip;
2133 return -1;
2134 }
2135 return 0;
2136
2137 twobyte_insn:
2138 switch (c->b) {
2139 case 0x01: /* lgdt, lidt, lmsw */
2140 switch (c->modrm_reg) {
2141 u16 size;
2142 unsigned long address;
2143
2144 case 0: /* vmcall */
2145 if (c->modrm_mod != 3 || c->modrm_rm != 1)
2146 goto cannot_emulate;
2147
2148 rc = kvm_fix_hypercall(ctxt->vcpu);
2149 if (rc)
2150 goto done;
2151
2152 /* Let the processor re-execute the fixed hypercall */
2153 c->eip = kvm_rip_read(ctxt->vcpu);
2154 /* Disable writeback. */
2155 c->dst.type = OP_NONE;
2156 break;
2157 case 2: /* lgdt */
2158 rc = read_descriptor(ctxt, ops, c->src.ptr,
2159 &size, &address, c->op_bytes);
2160 if (rc)
2161 goto done;
2162 realmode_lgdt(ctxt->vcpu, size, address);
2163 /* Disable writeback. */
2164 c->dst.type = OP_NONE;
2165 break;
2166 case 3: /* lidt/vmmcall */
2167 if (c->modrm_mod == 3) {
2168 switch (c->modrm_rm) {
2169 case 1:
2170 rc = kvm_fix_hypercall(ctxt->vcpu);
2171 if (rc)
2172 goto done;
2173 break;
2174 default:
2175 goto cannot_emulate;
2176 }
2177 } else {
2178 rc = read_descriptor(ctxt, ops, c->src.ptr,
2179 &size, &address,
2180 c->op_bytes);
2181 if (rc)
2182 goto done;
2183 realmode_lidt(ctxt->vcpu, size, address);
2184 }
2185 /* Disable writeback. */
2186 c->dst.type = OP_NONE;
2187 break;
2188 case 4: /* smsw */
2189 c->dst.bytes = 2;
2190 c->dst.val = realmode_get_cr(ctxt->vcpu, 0);
2191 break;
2192 case 6: /* lmsw */
2193 realmode_lmsw(ctxt->vcpu, (u16)c->src.val,
2194 &ctxt->eflags);
2195 c->dst.type = OP_NONE;
2196 break;
2197 case 7: /* invlpg*/
2198 emulate_invlpg(ctxt->vcpu, memop);
2199 /* Disable writeback. */
2200 c->dst.type = OP_NONE;
2201 break;
2202 default:
2203 goto cannot_emulate;
2204 }
2205 break;
2206 case 0x05: /* syscall */
2207 if (emulate_syscall(ctxt) == -1)
2208 goto cannot_emulate;
2209 else
2210 goto writeback;
2211 break;
2212 case 0x06:
2213 emulate_clts(ctxt->vcpu);
2214 c->dst.type = OP_NONE;
2215 break;
2216 case 0x08: /* invd */
2217 case 0x09: /* wbinvd */
2218 case 0x0d: /* GrpP (prefetch) */
2219 case 0x18: /* Grp16 (prefetch/nop) */
2220 c->dst.type = OP_NONE;
2221 break;
2222 case 0x20: /* mov cr, reg */
2223 if (c->modrm_mod != 3)
2224 goto cannot_emulate;
2225 c->regs[c->modrm_rm] =
2226 realmode_get_cr(ctxt->vcpu, c->modrm_reg);
2227 c->dst.type = OP_NONE; /* no writeback */
2228 break;
2229 case 0x21: /* mov from dr to reg */
2230 if (c->modrm_mod != 3)
2231 goto cannot_emulate;
2232 rc = emulator_get_dr(ctxt, c->modrm_reg, &c->regs[c->modrm_rm]);
2233 if (rc)
2234 goto cannot_emulate;
2235 c->dst.type = OP_NONE; /* no writeback */
2236 break;
2237 case 0x22: /* mov reg, cr */
2238 if (c->modrm_mod != 3)
2239 goto cannot_emulate;
2240 realmode_set_cr(ctxt->vcpu,
2241 c->modrm_reg, c->modrm_val, &ctxt->eflags);
2242 c->dst.type = OP_NONE;
2243 break;
2244 case 0x23: /* mov from reg to dr */
2245 if (c->modrm_mod != 3)
2246 goto cannot_emulate;
2247 rc = emulator_set_dr(ctxt, c->modrm_reg,
2248 c->regs[c->modrm_rm]);
2249 if (rc)
2250 goto cannot_emulate;
2251 c->dst.type = OP_NONE; /* no writeback */
2252 break;
2253 case 0x30:
2254 /* wrmsr */
2255 msr_data = (u32)c->regs[VCPU_REGS_RAX]
2256 | ((u64)c->regs[VCPU_REGS_RDX] << 32);
2257 rc = kvm_set_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], msr_data);
2258 if (rc) {
2259 kvm_inject_gp(ctxt->vcpu, 0);
2260 c->eip = kvm_rip_read(ctxt->vcpu);
2261 }
2262 rc = X86EMUL_CONTINUE;
2263 c->dst.type = OP_NONE;
2264 break;
2265 case 0x32:
2266 /* rdmsr */
2267 rc = kvm_get_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], &msr_data);
2268 if (rc) {
2269 kvm_inject_gp(ctxt->vcpu, 0);
2270 c->eip = kvm_rip_read(ctxt->vcpu);
2271 } else {
2272 c->regs[VCPU_REGS_RAX] = (u32)msr_data;
2273 c->regs[VCPU_REGS_RDX] = msr_data >> 32;
2274 }
2275 rc = X86EMUL_CONTINUE;
2276 c->dst.type = OP_NONE;
2277 break;
2278 case 0x34: /* sysenter */
2279 if (emulate_sysenter(ctxt) == -1)
2280 goto cannot_emulate;
2281 else
2282 goto writeback;
2283 break;
2284 case 0x35: /* sysexit */
2285 if (emulate_sysexit(ctxt) == -1)
2286 goto cannot_emulate;
2287 else
2288 goto writeback;
2289 break;
2290 case 0x40 ... 0x4f: /* cmov */
2291 c->dst.val = c->dst.orig_val = c->src.val;
2292 if (!test_cc(c->b, ctxt->eflags))
2293 c->dst.type = OP_NONE; /* no writeback */
2294 break;
2295 case 0x80 ... 0x8f: /* jnz rel, etc*/
2296 if (test_cc(c->b, ctxt->eflags))
2297 jmp_rel(c, c->src.val);
2298 c->dst.type = OP_NONE;
2299 break;
2300 case 0xa3:
2301 bt: /* bt */
2302 c->dst.type = OP_NONE;
2303 /* only subword offset */
2304 c->src.val &= (c->dst.bytes << 3) - 1;
2305 emulate_2op_SrcV_nobyte("bt", c->src, c->dst, ctxt->eflags);
2306 break;
2307 case 0xa4: /* shld imm8, r, r/m */
2308 case 0xa5: /* shld cl, r, r/m */
2309 emulate_2op_cl("shld", c->src2, c->src, c->dst, ctxt->eflags);
2310 break;
2311 case 0xab:
2312 bts: /* bts */
2313 /* only subword offset */
2314 c->src.val &= (c->dst.bytes << 3) - 1;
2315 emulate_2op_SrcV_nobyte("bts", c->src, c->dst, ctxt->eflags);
2316 break;
2317 case 0xac: /* shrd imm8, r, r/m */
2318 case 0xad: /* shrd cl, r, r/m */
2319 emulate_2op_cl("shrd", c->src2, c->src, c->dst, ctxt->eflags);
2320 break;
2321 case 0xae: /* clflush */
2322 break;
2323 case 0xb0 ... 0xb1: /* cmpxchg */
2324 /*
2325 * Save real source value, then compare EAX against
2326 * destination.
2327 */
2328 c->src.orig_val = c->src.val;
2329 c->src.val = c->regs[VCPU_REGS_RAX];
2330 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
2331 if (ctxt->eflags & EFLG_ZF) {
2332 /* Success: write back to memory. */
2333 c->dst.val = c->src.orig_val;
2334 } else {
2335 /* Failure: write the value we saw to EAX. */
2336 c->dst.type = OP_REG;
2337 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
2338 }
2339 break;
2340 case 0xb3:
2341 btr: /* btr */
2342 /* only subword offset */
2343 c->src.val &= (c->dst.bytes << 3) - 1;
2344 emulate_2op_SrcV_nobyte("btr", c->src, c->dst, ctxt->eflags);
2345 break;
2346 case 0xb6 ... 0xb7: /* movzx */
2347 c->dst.bytes = c->op_bytes;
2348 c->dst.val = (c->d & ByteOp) ? (u8) c->src.val
2349 : (u16) c->src.val;
2350 break;
2351 case 0xba: /* Grp8 */
2352 switch (c->modrm_reg & 3) {
2353 case 0:
2354 goto bt;
2355 case 1:
2356 goto bts;
2357 case 2:
2358 goto btr;
2359 case 3:
2360 goto btc;
2361 }
2362 break;
2363 case 0xbb:
2364 btc: /* btc */
2365 /* only subword offset */
2366 c->src.val &= (c->dst.bytes << 3) - 1;
2367 emulate_2op_SrcV_nobyte("btc", c->src, c->dst, ctxt->eflags);
2368 break;
2369 case 0xbe ... 0xbf: /* movsx */
2370 c->dst.bytes = c->op_bytes;
2371 c->dst.val = (c->d & ByteOp) ? (s8) c->src.val :
2372 (s16) c->src.val;
2373 break;
2374 case 0xc3: /* movnti */
2375 c->dst.bytes = c->op_bytes;
2376 c->dst.val = (c->op_bytes == 4) ? (u32) c->src.val :
2377 (u64) c->src.val;
2378 break;
2379 case 0xc7: /* Grp9 (cmpxchg8b) */
2380 rc = emulate_grp9(ctxt, ops, memop);
2381 if (rc != 0)
2382 goto done;
2383 c->dst.type = OP_NONE;
2384 break;
2385 }
2386 goto writeback;
2387
2388 cannot_emulate:
2389 DPRINTF("Cannot emulate %02x\n", c->b);
2390 c->eip = saved_eip;
2391 return -1;
2392 }
Linux for Ginger Game Console