search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Relax IDE CHS limits from 16383,16,63 to 65535,16,255
[qemu/agraf.git] / target-i386 / seg_helper.c
bloba4b8b640a04e8dd51ada5e4fc717b4a7b478ad54
1 /*
2 * x86 segmentation related helpers:
3 * TSS, interrupts, system calls, jumps and call/task gates, descriptors
4 *
5 * Copyright (c) 2003 Fabrice Bellard
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "cpu.h"
22 #include "dyngen-exec.h"
23 #include "qemu-log.h"
24 #include "helper.h"
25
26 #if !defined(CONFIG_USER_ONLY)
27 #include "softmmu_exec.h"
28 #endif /* !defined(CONFIG_USER_ONLY) */
29
30 //#define DEBUG_PCALL
31
32 #ifdef DEBUG_PCALL
33 # define LOG_PCALL(...) qemu_log_mask(CPU_LOG_PCALL, ## __VA_ARGS__)
34 # define LOG_PCALL_STATE(env) \
35 log_cpu_state_mask(CPU_LOG_PCALL, (env), X86_DUMP_CCOP)
36 #else
37 # define LOG_PCALL(...) do { } while (0)
38 # define LOG_PCALL_STATE(env) do { } while (0)
39 #endif
40
41 /* return non zero if error */
42 static inline int load_segment(uint32_t *e1_ptr, uint32_t *e2_ptr,
43 int selector)
44 {
45 SegmentCache *dt;
46 int index;
47 target_ulong ptr;
48
49 if (selector & 0x4) {
50 dt = &env->ldt;
51 } else {
52 dt = &env->gdt;
53 }
54 index = selector & ~7;
55 if ((index + 7) > dt->limit) {
56 return -1;
57 }
58 ptr = dt->base + index;
59 *e1_ptr = ldl_kernel(ptr);
60 *e2_ptr = ldl_kernel(ptr + 4);
61 return 0;
62 }
63
64 static inline unsigned int get_seg_limit(uint32_t e1, uint32_t e2)
65 {
66 unsigned int limit;
67
68 limit = (e1 & 0xffff) | (e2 & 0x000f0000);
69 if (e2 & DESC_G_MASK) {
70 limit = (limit << 12) | 0xfff;
71 }
72 return limit;
73 }
74
75 static inline uint32_t get_seg_base(uint32_t e1, uint32_t e2)
76 {
77 return (e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000);
78 }
79
80 static inline void load_seg_cache_raw_dt(SegmentCache *sc, uint32_t e1,
81 uint32_t e2)
82 {
83 sc->base = get_seg_base(e1, e2);
84 sc->limit = get_seg_limit(e1, e2);
85 sc->flags = e2;
86 }
87
88 /* init the segment cache in vm86 mode. */
89 static inline void load_seg_vm(int seg, int selector)
90 {
91 selector &= 0xffff;
92 cpu_x86_load_seg_cache(env, seg, selector,
93 (selector << 4), 0xffff, 0);
94 }
95
96 static inline void get_ss_esp_from_tss(uint32_t *ss_ptr,
97 uint32_t *esp_ptr, int dpl)
98 {
99 int type, index, shift;
100
101 #if 0
102 {
103 int i;
104 printf("TR: base=%p limit=%x\n", env->tr.base, env->tr.limit);
105 for (i = 0; i < env->tr.limit; i++) {
106 printf("%02x ", env->tr.base[i]);
107 if ((i & 7) == 7) {
108 printf("\n");
109 }
110 }
111 printf("\n");
112 }
113 #endif
114
115 if (!(env->tr.flags & DESC_P_MASK)) {
116 cpu_abort(env, "invalid tss");
117 }
118 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
119 if ((type & 7) != 1) {
120 cpu_abort(env, "invalid tss type");
121 }
122 shift = type >> 3;
123 index = (dpl * 4 + 2) << shift;
124 if (index + (4 << shift) - 1 > env->tr.limit) {
125 raise_exception_err(env, EXCP0A_TSS, env->tr.selector & 0xfffc);
126 }
127 if (shift == 0) {
128 *esp_ptr = lduw_kernel(env->tr.base + index);
129 *ss_ptr = lduw_kernel(env->tr.base + index + 2);
130 } else {
131 *esp_ptr = ldl_kernel(env->tr.base + index);
132 *ss_ptr = lduw_kernel(env->tr.base + index + 4);
133 }
134 }
135
136 /* XXX: merge with load_seg() */
137 static void tss_load_seg(int seg_reg, int selector)
138 {
139 uint32_t e1, e2;
140 int rpl, dpl, cpl;
141
142 if ((selector & 0xfffc) != 0) {
143 if (load_segment(&e1, &e2, selector) != 0) {
144 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
145 }
146 if (!(e2 & DESC_S_MASK)) {
147 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
148 }
149 rpl = selector & 3;
150 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
151 cpl = env->hflags & HF_CPL_MASK;
152 if (seg_reg == R_CS) {
153 if (!(e2 & DESC_CS_MASK)) {
154 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
155 }
156 /* XXX: is it correct? */
157 if (dpl != rpl) {
158 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
159 }
160 if ((e2 & DESC_C_MASK) && dpl > rpl) {
161 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
162 }
163 } else if (seg_reg == R_SS) {
164 /* SS must be writable data */
165 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK)) {
166 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
167 }
168 if (dpl != cpl || dpl != rpl) {
169 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
170 }
171 } else {
172 /* not readable code */
173 if ((e2 & DESC_CS_MASK) && !(e2 & DESC_R_MASK)) {
174 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
175 }
176 /* if data or non conforming code, checks the rights */
177 if (((e2 >> DESC_TYPE_SHIFT) & 0xf) < 12) {
178 if (dpl < cpl || dpl < rpl) {
179 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
180 }
181 }
182 }
183 if (!(e2 & DESC_P_MASK)) {
184 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
185 }
186 cpu_x86_load_seg_cache(env, seg_reg, selector,
187 get_seg_base(e1, e2),
188 get_seg_limit(e1, e2),
189 e2);
190 } else {
191 if (seg_reg == R_SS || seg_reg == R_CS) {
192 raise_exception_err(env, EXCP0A_TSS, selector & 0xfffc);
193 }
194 }
195 }
196
197 #define SWITCH_TSS_JMP 0
198 #define SWITCH_TSS_IRET 1
199 #define SWITCH_TSS_CALL 2
200
201 /* XXX: restore CPU state in registers (PowerPC case) */
202 static void switch_tss(int tss_selector,
203 uint32_t e1, uint32_t e2, int source,
204 uint32_t next_eip)
205 {
206 int tss_limit, tss_limit_max, type, old_tss_limit_max, old_type, v1, v2, i;
207 target_ulong tss_base;
208 uint32_t new_regs[8], new_segs[6];
209 uint32_t new_eflags, new_eip, new_cr3, new_ldt, new_trap;
210 uint32_t old_eflags, eflags_mask;
211 SegmentCache *dt;
212 int index;
213 target_ulong ptr;
214
215 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
216 LOG_PCALL("switch_tss: sel=0x%04x type=%d src=%d\n", tss_selector, type,
217 source);
218
219 /* if task gate, we read the TSS segment and we load it */
220 if (type == 5) {
221 if (!(e2 & DESC_P_MASK)) {
222 raise_exception_err(env, EXCP0B_NOSEG, tss_selector & 0xfffc);
223 }
224 tss_selector = e1 >> 16;
225 if (tss_selector & 4) {
226 raise_exception_err(env, EXCP0A_TSS, tss_selector & 0xfffc);
227 }
228 if (load_segment(&e1, &e2, tss_selector) != 0) {
229 raise_exception_err(env, EXCP0D_GPF, tss_selector & 0xfffc);
230 }
231 if (e2 & DESC_S_MASK) {
232 raise_exception_err(env, EXCP0D_GPF, tss_selector & 0xfffc);
233 }
234 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
235 if ((type & 7) != 1) {
236 raise_exception_err(env, EXCP0D_GPF, tss_selector & 0xfffc);
237 }
238 }
239
240 if (!(e2 & DESC_P_MASK)) {
241 raise_exception_err(env, EXCP0B_NOSEG, tss_selector & 0xfffc);
242 }
243
244 if (type & 8) {
245 tss_limit_max = 103;
246 } else {
247 tss_limit_max = 43;
248 }
249 tss_limit = get_seg_limit(e1, e2);
250 tss_base = get_seg_base(e1, e2);
251 if ((tss_selector & 4) != 0 ||
252 tss_limit < tss_limit_max) {
253 raise_exception_err(env, EXCP0A_TSS, tss_selector & 0xfffc);
254 }
255 old_type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
256 if (old_type & 8) {
257 old_tss_limit_max = 103;
258 } else {
259 old_tss_limit_max = 43;
260 }
261
262 /* read all the registers from the new TSS */
263 if (type & 8) {
264 /* 32 bit */
265 new_cr3 = ldl_kernel(tss_base + 0x1c);
266 new_eip = ldl_kernel(tss_base + 0x20);
267 new_eflags = ldl_kernel(tss_base + 0x24);
268 for (i = 0; i < 8; i++) {
269 new_regs[i] = ldl_kernel(tss_base + (0x28 + i * 4));
270 }
271 for (i = 0; i < 6; i++) {
272 new_segs[i] = lduw_kernel(tss_base + (0x48 + i * 4));
273 }
274 new_ldt = lduw_kernel(tss_base + 0x60);
275 new_trap = ldl_kernel(tss_base + 0x64);
276 } else {
277 /* 16 bit */
278 new_cr3 = 0;
279 new_eip = lduw_kernel(tss_base + 0x0e);
280 new_eflags = lduw_kernel(tss_base + 0x10);
281 for (i = 0; i < 8; i++) {
282 new_regs[i] = lduw_kernel(tss_base + (0x12 + i * 2)) | 0xffff0000;
283 }
284 for (i = 0; i < 4; i++) {
285 new_segs[i] = lduw_kernel(tss_base + (0x22 + i * 4));
286 }
287 new_ldt = lduw_kernel(tss_base + 0x2a);
288 new_segs[R_FS] = 0;
289 new_segs[R_GS] = 0;
290 new_trap = 0;
291 }
292 /* XXX: avoid a compiler warning, see
293 http://support.amd.com/us/Processor_TechDocs/24593.pdf
294 chapters 12.2.5 and 13.2.4 on how to implement TSS Trap bit */
295 (void)new_trap;
296
297 /* NOTE: we must avoid memory exceptions during the task switch,
298 so we make dummy accesses before */
299 /* XXX: it can still fail in some cases, so a bigger hack is
300 necessary to valid the TLB after having done the accesses */
301
302 v1 = ldub_kernel(env->tr.base);
303 v2 = ldub_kernel(env->tr.base + old_tss_limit_max);
304 stb_kernel(env->tr.base, v1);
305 stb_kernel(env->tr.base + old_tss_limit_max, v2);
306
307 /* clear busy bit (it is restartable) */
308 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_IRET) {
309 target_ulong ptr;
310 uint32_t e2;
311
312 ptr = env->gdt.base + (env->tr.selector & ~7);
313 e2 = ldl_kernel(ptr + 4);
314 e2 &= ~DESC_TSS_BUSY_MASK;
315 stl_kernel(ptr + 4, e2);
316 }
317 old_eflags = cpu_compute_eflags(env);
318 if (source == SWITCH_TSS_IRET) {
319 old_eflags &= ~NT_MASK;
320 }
321
322 /* save the current state in the old TSS */
323 if (type & 8) {
324 /* 32 bit */
325 stl_kernel(env->tr.base + 0x20, next_eip);
326 stl_kernel(env->tr.base + 0x24, old_eflags);
327 stl_kernel(env->tr.base + (0x28 + 0 * 4), EAX);
328 stl_kernel(env->tr.base + (0x28 + 1 * 4), ECX);
329 stl_kernel(env->tr.base + (0x28 + 2 * 4), EDX);
330 stl_kernel(env->tr.base + (0x28 + 3 * 4), EBX);
331 stl_kernel(env->tr.base + (0x28 + 4 * 4), ESP);
332 stl_kernel(env->tr.base + (0x28 + 5 * 4), EBP);
333 stl_kernel(env->tr.base + (0x28 + 6 * 4), ESI);
334 stl_kernel(env->tr.base + (0x28 + 7 * 4), EDI);
335 for (i = 0; i < 6; i++) {
336 stw_kernel(env->tr.base + (0x48 + i * 4), env->segs[i].selector);
337 }
338 } else {
339 /* 16 bit */
340 stw_kernel(env->tr.base + 0x0e, next_eip);
341 stw_kernel(env->tr.base + 0x10, old_eflags);
342 stw_kernel(env->tr.base + (0x12 + 0 * 2), EAX);
343 stw_kernel(env->tr.base + (0x12 + 1 * 2), ECX);
344 stw_kernel(env->tr.base + (0x12 + 2 * 2), EDX);
345 stw_kernel(env->tr.base + (0x12 + 3 * 2), EBX);
346 stw_kernel(env->tr.base + (0x12 + 4 * 2), ESP);
347 stw_kernel(env->tr.base + (0x12 + 5 * 2), EBP);
348 stw_kernel(env->tr.base + (0x12 + 6 * 2), ESI);
349 stw_kernel(env->tr.base + (0x12 + 7 * 2), EDI);
350 for (i = 0; i < 4; i++) {
351 stw_kernel(env->tr.base + (0x22 + i * 4), env->segs[i].selector);
352 }
353 }
354
355 /* now if an exception occurs, it will occurs in the next task
356 context */
357
358 if (source == SWITCH_TSS_CALL) {
359 stw_kernel(tss_base, env->tr.selector);
360 new_eflags |= NT_MASK;
361 }
362
363 /* set busy bit */
364 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_CALL) {
365 target_ulong ptr;
366 uint32_t e2;
367
368 ptr = env->gdt.base + (tss_selector & ~7);
369 e2 = ldl_kernel(ptr + 4);
370 e2 |= DESC_TSS_BUSY_MASK;
371 stl_kernel(ptr + 4, e2);
372 }
373
374 /* set the new CPU state */
375 /* from this point, any exception which occurs can give problems */
376 env->cr[0] |= CR0_TS_MASK;
377 env->hflags |= HF_TS_MASK;
378 env->tr.selector = tss_selector;
379 env->tr.base = tss_base;
380 env->tr.limit = tss_limit;
381 env->tr.flags = e2 & ~DESC_TSS_BUSY_MASK;
382
383 if ((type & 8) && (env->cr[0] & CR0_PG_MASK)) {
384 cpu_x86_update_cr3(env, new_cr3);
385 }
386
387 /* load all registers without an exception, then reload them with
388 possible exception */
389 env->eip = new_eip;
390 eflags_mask = TF_MASK | AC_MASK | ID_MASK |
391 IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK;
392 if (!(type & 8)) {
393 eflags_mask &= 0xffff;
394 }
395 cpu_load_eflags(env, new_eflags, eflags_mask);
396 /* XXX: what to do in 16 bit case? */
397 EAX = new_regs[0];
398 ECX = new_regs[1];
399 EDX = new_regs[2];
400 EBX = new_regs[3];
401 ESP = new_regs[4];
402 EBP = new_regs[5];
403 ESI = new_regs[6];
404 EDI = new_regs[7];
405 if (new_eflags & VM_MASK) {
406 for (i = 0; i < 6; i++) {
407 load_seg_vm(i, new_segs[i]);
408 }
409 /* in vm86, CPL is always 3 */
410 cpu_x86_set_cpl(env, 3);
411 } else {
412 /* CPL is set the RPL of CS */
413 cpu_x86_set_cpl(env, new_segs[R_CS] & 3);
414 /* first just selectors as the rest may trigger exceptions */
415 for (i = 0; i < 6; i++) {
416 cpu_x86_load_seg_cache(env, i, new_segs[i], 0, 0, 0);
417 }
418 }
419
420 env->ldt.selector = new_ldt & ~4;
421 env->ldt.base = 0;
422 env->ldt.limit = 0;
423 env->ldt.flags = 0;
424
425 /* load the LDT */
426 if (new_ldt & 4) {
427 raise_exception_err(env, EXCP0A_TSS, new_ldt & 0xfffc);
428 }
429
430 if ((new_ldt & 0xfffc) != 0) {
431 dt = &env->gdt;
432 index = new_ldt & ~7;
433 if ((index + 7) > dt->limit) {
434 raise_exception_err(env, EXCP0A_TSS, new_ldt & 0xfffc);
435 }
436 ptr = dt->base + index;
437 e1 = ldl_kernel(ptr);
438 e2 = ldl_kernel(ptr + 4);
439 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2) {
440 raise_exception_err(env, EXCP0A_TSS, new_ldt & 0xfffc);
441 }
442 if (!(e2 & DESC_P_MASK)) {
443 raise_exception_err(env, EXCP0A_TSS, new_ldt & 0xfffc);
444 }
445 load_seg_cache_raw_dt(&env->ldt, e1, e2);
446 }
447
448 /* load the segments */
449 if (!(new_eflags & VM_MASK)) {
450 tss_load_seg(R_CS, new_segs[R_CS]);
451 tss_load_seg(R_SS, new_segs[R_SS]);
452 tss_load_seg(R_ES, new_segs[R_ES]);
453 tss_load_seg(R_DS, new_segs[R_DS]);
454 tss_load_seg(R_FS, new_segs[R_FS]);
455 tss_load_seg(R_GS, new_segs[R_GS]);
456 }
457
458 /* check that EIP is in the CS segment limits */
459 if (new_eip > env->segs[R_CS].limit) {
460 /* XXX: different exception if CALL? */
461 raise_exception_err(env, EXCP0D_GPF, 0);
462 }
463
464 #ifndef CONFIG_USER_ONLY
465 /* reset local breakpoints */
466 if (env->dr[7] & 0x55) {
467 for (i = 0; i < 4; i++) {
468 if (hw_breakpoint_enabled(env->dr[7], i) == 0x1) {
469 hw_breakpoint_remove(env, i);
470 }
471 }
472 env->dr[7] &= ~0x55;
473 }
474 #endif
475 }
476
477 static inline unsigned int get_sp_mask(unsigned int e2)
478 {
479 if (e2 & DESC_B_MASK) {
480 return 0xffffffff;
481 } else {
482 return 0xffff;
483 }
484 }
485
486 static int exception_has_error_code(int intno)
487 {
488 switch (intno) {
489 case 8:
490 case 10:
491 case 11:
492 case 12:
493 case 13:
494 case 14:
495 case 17:
496 return 1;
497 }
498 return 0;
499 }
500
501 #ifdef TARGET_X86_64
502 #define SET_ESP(val, sp_mask) \
503 do { \
504 if ((sp_mask) == 0xffff) { \
505 ESP = (ESP & ~0xffff) | ((val) & 0xffff); \
506 } else if ((sp_mask) == 0xffffffffLL) { \
507 ESP = (uint32_t)(val); \
508 } else { \
509 ESP = (val); \
510 } \
511 } while (0)
512 #else
513 #define SET_ESP(val, sp_mask) \
514 do { \
515 ESP = (ESP & ~(sp_mask)) | ((val) & (sp_mask)); \
516 } while (0)
517 #endif
518
519 /* in 64-bit machines, this can overflow. So this segment addition macro
520 * can be used to trim the value to 32-bit whenever needed */
521 #define SEG_ADDL(ssp, sp, sp_mask) ((uint32_t)((ssp) + (sp & (sp_mask))))
522
523 /* XXX: add a is_user flag to have proper security support */
524 #define PUSHW(ssp, sp, sp_mask, val) \
525 { \
526 sp -= 2; \
527 stw_kernel((ssp) + (sp & (sp_mask)), (val)); \
528 }
529
530 #define PUSHL(ssp, sp, sp_mask, val) \
531 { \
532 sp -= 4; \
533 stl_kernel(SEG_ADDL(ssp, sp, sp_mask), (uint32_t)(val)); \
534 }
535
536 #define POPW(ssp, sp, sp_mask, val) \
537 { \
538 val = lduw_kernel((ssp) + (sp & (sp_mask))); \
539 sp += 2; \
540 }
541
542 #define POPL(ssp, sp, sp_mask, val) \
543 { \
544 val = (uint32_t)ldl_kernel(SEG_ADDL(ssp, sp, sp_mask)); \
545 sp += 4; \
546 }
547
548 /* protected mode interrupt */
549 static void do_interrupt_protected(int intno, int is_int, int error_code,
550 unsigned int next_eip, int is_hw)
551 {
552 SegmentCache *dt;
553 target_ulong ptr, ssp;
554 int type, dpl, selector, ss_dpl, cpl;
555 int has_error_code, new_stack, shift;
556 uint32_t e1, e2, offset, ss = 0, esp, ss_e1 = 0, ss_e2 = 0;
557 uint32_t old_eip, sp_mask;
558
559 has_error_code = 0;
560 if (!is_int && !is_hw) {
561 has_error_code = exception_has_error_code(intno);
562 }
563 if (is_int) {
564 old_eip = next_eip;
565 } else {
566 old_eip = env->eip;
567 }
568
569 dt = &env->idt;
570 if (intno * 8 + 7 > dt->limit) {
571 raise_exception_err(env, EXCP0D_GPF, intno * 8 + 2);
572 }
573 ptr = dt->base + intno * 8;
574 e1 = ldl_kernel(ptr);
575 e2 = ldl_kernel(ptr + 4);
576 /* check gate type */
577 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
578 switch (type) {
579 case 5: /* task gate */
580 /* must do that check here to return the correct error code */
581 if (!(e2 & DESC_P_MASK)) {
582 raise_exception_err(env, EXCP0B_NOSEG, intno * 8 + 2);
583 }
584 switch_tss(intno * 8, e1, e2, SWITCH_TSS_CALL, old_eip);
585 if (has_error_code) {
586 int type;
587 uint32_t mask;
588
589 /* push the error code */
590 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
591 shift = type >> 3;
592 if (env->segs[R_SS].flags & DESC_B_MASK) {
593 mask = 0xffffffff;
594 } else {
595 mask = 0xffff;
596 }
597 esp = (ESP - (2 << shift)) & mask;
598 ssp = env->segs[R_SS].base + esp;
599 if (shift) {
600 stl_kernel(ssp, error_code);
601 } else {
602 stw_kernel(ssp, error_code);
603 }
604 SET_ESP(esp, mask);
605 }
606 return;
607 case 6: /* 286 interrupt gate */
608 case 7: /* 286 trap gate */
609 case 14: /* 386 interrupt gate */
610 case 15: /* 386 trap gate */
611 break;
612 default:
613 raise_exception_err(env, EXCP0D_GPF, intno * 8 + 2);
614 break;
615 }
616 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
617 cpl = env->hflags & HF_CPL_MASK;
618 /* check privilege if software int */
619 if (is_int && dpl < cpl) {
620 raise_exception_err(env, EXCP0D_GPF, intno * 8 + 2);
621 }
622 /* check valid bit */
623 if (!(e2 & DESC_P_MASK)) {
624 raise_exception_err(env, EXCP0B_NOSEG, intno * 8 + 2);
625 }
626 selector = e1 >> 16;
627 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
628 if ((selector & 0xfffc) == 0) {
629 raise_exception_err(env, EXCP0D_GPF, 0);
630 }
631 if (load_segment(&e1, &e2, selector) != 0) {
632 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
633 }
634 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK))) {
635 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
636 }
637 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
638 if (dpl > cpl) {
639 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
640 }
641 if (!(e2 & DESC_P_MASK)) {
642 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
643 }
644 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
645 /* to inner privilege */
646 get_ss_esp_from_tss(&ss, &esp, dpl);
647 if ((ss & 0xfffc) == 0) {
648 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
649 }
650 if ((ss & 3) != dpl) {
651 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
652 }
653 if (load_segment(&ss_e1, &ss_e2, ss) != 0) {
654 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
655 }
656 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
657 if (ss_dpl != dpl) {
658 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
659 }
660 if (!(ss_e2 & DESC_S_MASK) ||
661 (ss_e2 & DESC_CS_MASK) ||
662 !(ss_e2 & DESC_W_MASK)) {
663 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
664 }
665 if (!(ss_e2 & DESC_P_MASK)) {
666 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
667 }
668 new_stack = 1;
669 sp_mask = get_sp_mask(ss_e2);
670 ssp = get_seg_base(ss_e1, ss_e2);
671 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
672 /* to same privilege */
673 if (env->eflags & VM_MASK) {
674 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
675 }
676 new_stack = 0;
677 sp_mask = get_sp_mask(env->segs[R_SS].flags);
678 ssp = env->segs[R_SS].base;
679 esp = ESP;
680 dpl = cpl;
681 } else {
682 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
683 new_stack = 0; /* avoid warning */
684 sp_mask = 0; /* avoid warning */
685 ssp = 0; /* avoid warning */
686 esp = 0; /* avoid warning */
687 }
688
689 shift = type >> 3;
690
691 #if 0
692 /* XXX: check that enough room is available */
693 push_size = 6 + (new_stack << 2) + (has_error_code << 1);
694 if (env->eflags & VM_MASK) {
695 push_size += 8;
696 }
697 push_size <<= shift;
698 #endif
699 if (shift == 1) {
700 if (new_stack) {
701 if (env->eflags & VM_MASK) {
702 PUSHL(ssp, esp, sp_mask, env->segs[R_GS].selector);
703 PUSHL(ssp, esp, sp_mask, env->segs[R_FS].selector);
704 PUSHL(ssp, esp, sp_mask, env->segs[R_DS].selector);
705 PUSHL(ssp, esp, sp_mask, env->segs[R_ES].selector);
706 }
707 PUSHL(ssp, esp, sp_mask, env->segs[R_SS].selector);
708 PUSHL(ssp, esp, sp_mask, ESP);
709 }
710 PUSHL(ssp, esp, sp_mask, cpu_compute_eflags(env));
711 PUSHL(ssp, esp, sp_mask, env->segs[R_CS].selector);
712 PUSHL(ssp, esp, sp_mask, old_eip);
713 if (has_error_code) {
714 PUSHL(ssp, esp, sp_mask, error_code);
715 }
716 } else {
717 if (new_stack) {
718 if (env->eflags & VM_MASK) {
719 PUSHW(ssp, esp, sp_mask, env->segs[R_GS].selector);
720 PUSHW(ssp, esp, sp_mask, env->segs[R_FS].selector);
721 PUSHW(ssp, esp, sp_mask, env->segs[R_DS].selector);
722 PUSHW(ssp, esp, sp_mask, env->segs[R_ES].selector);
723 }
724 PUSHW(ssp, esp, sp_mask, env->segs[R_SS].selector);
725 PUSHW(ssp, esp, sp_mask, ESP);
726 }
727 PUSHW(ssp, esp, sp_mask, cpu_compute_eflags(env));
728 PUSHW(ssp, esp, sp_mask, env->segs[R_CS].selector);
729 PUSHW(ssp, esp, sp_mask, old_eip);
730 if (has_error_code) {
731 PUSHW(ssp, esp, sp_mask, error_code);
732 }
733 }
734
735 if (new_stack) {
736 if (env->eflags & VM_MASK) {
737 cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0, 0);
738 cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0, 0);
739 cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0, 0);
740 cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0, 0);
741 }
742 ss = (ss & ~3) | dpl;
743 cpu_x86_load_seg_cache(env, R_SS, ss,
744 ssp, get_seg_limit(ss_e1, ss_e2), ss_e2);
745 }
746 SET_ESP(esp, sp_mask);
747
748 selector = (selector & ~3) | dpl;
749 cpu_x86_load_seg_cache(env, R_CS, selector,
750 get_seg_base(e1, e2),
751 get_seg_limit(e1, e2),
752 e2);
753 cpu_x86_set_cpl(env, dpl);
754 env->eip = offset;
755
756 /* interrupt gate clear IF mask */
757 if ((type & 1) == 0) {
758 env->eflags &= ~IF_MASK;
759 }
760 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
761 }
762
763 #ifdef TARGET_X86_64
764
765 #define PUSHQ(sp, val) \
766 { \
767 sp -= 8; \
768 stq_kernel(sp, (val)); \
769 }
770
771 #define POPQ(sp, val) \
772 { \
773 val = ldq_kernel(sp); \
774 sp += 8; \
775 }
776
777 static inline target_ulong get_rsp_from_tss(int level)
778 {
779 int index;
780
781 #if 0
782 printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
783 env->tr.base, env->tr.limit);
784 #endif
785
786 if (!(env->tr.flags & DESC_P_MASK)) {
787 cpu_abort(env, "invalid tss");
788 }
789 index = 8 * level + 4;
790 if ((index + 7) > env->tr.limit) {
791 raise_exception_err(env, EXCP0A_TSS, env->tr.selector & 0xfffc);
792 }
793 return ldq_kernel(env->tr.base + index);
794 }
795
796 /* 64 bit interrupt */
797 static void do_interrupt64(int intno, int is_int, int error_code,
798 target_ulong next_eip, int is_hw)
799 {
800 SegmentCache *dt;
801 target_ulong ptr;
802 int type, dpl, selector, cpl, ist;
803 int has_error_code, new_stack;
804 uint32_t e1, e2, e3, ss;
805 target_ulong old_eip, esp, offset;
806
807 has_error_code = 0;
808 if (!is_int && !is_hw) {
809 has_error_code = exception_has_error_code(intno);
810 }
811 if (is_int) {
812 old_eip = next_eip;
813 } else {
814 old_eip = env->eip;
815 }
816
817 dt = &env->idt;
818 if (intno * 16 + 15 > dt->limit) {
819 raise_exception_err(env, EXCP0D_GPF, intno * 16 + 2);
820 }
821 ptr = dt->base + intno * 16;
822 e1 = ldl_kernel(ptr);
823 e2 = ldl_kernel(ptr + 4);
824 e3 = ldl_kernel(ptr + 8);
825 /* check gate type */
826 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
827 switch (type) {
828 case 14: /* 386 interrupt gate */
829 case 15: /* 386 trap gate */
830 break;
831 default:
832 raise_exception_err(env, EXCP0D_GPF, intno * 16 + 2);
833 break;
834 }
835 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
836 cpl = env->hflags & HF_CPL_MASK;
837 /* check privilege if software int */
838 if (is_int && dpl < cpl) {
839 raise_exception_err(env, EXCP0D_GPF, intno * 16 + 2);
840 }
841 /* check valid bit */
842 if (!(e2 & DESC_P_MASK)) {
843 raise_exception_err(env, EXCP0B_NOSEG, intno * 16 + 2);
844 }
845 selector = e1 >> 16;
846 offset = ((target_ulong)e3 << 32) | (e2 & 0xffff0000) | (e1 & 0x0000ffff);
847 ist = e2 & 7;
848 if ((selector & 0xfffc) == 0) {
849 raise_exception_err(env, EXCP0D_GPF, 0);
850 }
851
852 if (load_segment(&e1, &e2, selector) != 0) {
853 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
854 }
855 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK))) {
856 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
857 }
858 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
859 if (dpl > cpl) {
860 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
861 }
862 if (!(e2 & DESC_P_MASK)) {
863 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
864 }
865 if (!(e2 & DESC_L_MASK) || (e2 & DESC_B_MASK)) {
866 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
867 }
868 if ((!(e2 & DESC_C_MASK) && dpl < cpl) || ist != 0) {
869 /* to inner privilege */
870 if (ist != 0) {
871 esp = get_rsp_from_tss(ist + 3);
872 } else {
873 esp = get_rsp_from_tss(dpl);
874 }
875 esp &= ~0xfLL; /* align stack */
876 ss = 0;
877 new_stack = 1;
878 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
879 /* to same privilege */
880 if (env->eflags & VM_MASK) {
881 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
882 }
883 new_stack = 0;
884 if (ist != 0) {
885 esp = get_rsp_from_tss(ist + 3);
886 } else {
887 esp = ESP;
888 }
889 esp &= ~0xfLL; /* align stack */
890 dpl = cpl;
891 } else {
892 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
893 new_stack = 0; /* avoid warning */
894 esp = 0; /* avoid warning */
895 }
896
897 PUSHQ(esp, env->segs[R_SS].selector);
898 PUSHQ(esp, ESP);
899 PUSHQ(esp, cpu_compute_eflags(env));
900 PUSHQ(esp, env->segs[R_CS].selector);
901 PUSHQ(esp, old_eip);
902 if (has_error_code) {
903 PUSHQ(esp, error_code);
904 }
905
906 if (new_stack) {
907 ss = 0 | dpl;
908 cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, 0);
909 }
910 ESP = esp;
911
912 selector = (selector & ~3) | dpl;
913 cpu_x86_load_seg_cache(env, R_CS, selector,
914 get_seg_base(e1, e2),
915 get_seg_limit(e1, e2),
916 e2);
917 cpu_x86_set_cpl(env, dpl);
918 env->eip = offset;
919
920 /* interrupt gate clear IF mask */
921 if ((type & 1) == 0) {
922 env->eflags &= ~IF_MASK;
923 }
924 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
925 }
926 #endif
927
928 #ifdef TARGET_X86_64
929 #if defined(CONFIG_USER_ONLY)
930 void helper_syscall(int next_eip_addend)
931 {
932 env->exception_index = EXCP_SYSCALL;
933 env->exception_next_eip = env->eip + next_eip_addend;
934 cpu_loop_exit(env);
935 }
936 #else
937 void helper_syscall(int next_eip_addend)
938 {
939 int selector;
940
941 if (!(env->efer & MSR_EFER_SCE)) {
942 raise_exception_err(env, EXCP06_ILLOP, 0);
943 }
944 selector = (env->star >> 32) & 0xffff;
945 if (env->hflags & HF_LMA_MASK) {
946 int code64;
947
948 ECX = env->eip + next_eip_addend;
949 env->regs[11] = cpu_compute_eflags(env);
950
951 code64 = env->hflags & HF_CS64_MASK;
952
953 cpu_x86_set_cpl(env, 0);
954 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
955 0, 0xffffffff,
956 DESC_G_MASK | DESC_P_MASK |
957 DESC_S_MASK |
958 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
959 DESC_L_MASK);
960 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
961 0, 0xffffffff,
962 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
963 DESC_S_MASK |
964 DESC_W_MASK | DESC_A_MASK);
965 env->eflags &= ~env->fmask;
966 cpu_load_eflags(env, env->eflags, 0);
967 if (code64) {
968 env->eip = env->lstar;
969 } else {
970 env->eip = env->cstar;
971 }
972 } else {
973 ECX = (uint32_t)(env->eip + next_eip_addend);
974
975 cpu_x86_set_cpl(env, 0);
976 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
977 0, 0xffffffff,
978 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
979 DESC_S_MASK |
980 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
981 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
982 0, 0xffffffff,
983 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
984 DESC_S_MASK |
985 DESC_W_MASK | DESC_A_MASK);
986 env->eflags &= ~(IF_MASK | RF_MASK | VM_MASK);
987 env->eip = (uint32_t)env->star;
988 }
989 }
990 #endif
991 #endif
992
993 #ifdef TARGET_X86_64
994 void helper_sysret(int dflag)
995 {
996 int cpl, selector;
997
998 if (!(env->efer & MSR_EFER_SCE)) {
999 raise_exception_err(env, EXCP06_ILLOP, 0);
1000 }
1001 cpl = env->hflags & HF_CPL_MASK;
1002 if (!(env->cr[0] & CR0_PE_MASK) || cpl != 0) {
1003 raise_exception_err(env, EXCP0D_GPF, 0);
1004 }
1005 selector = (env->star >> 48) & 0xffff;
1006 if (env->hflags & HF_LMA_MASK) {
1007 if (dflag == 2) {
1008 cpu_x86_load_seg_cache(env, R_CS, (selector + 16) | 3,
1009 0, 0xffffffff,
1010 DESC_G_MASK | DESC_P_MASK |
1011 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1012 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
1013 DESC_L_MASK);
1014 env->eip = ECX;
1015 } else {
1016 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1017 0, 0xffffffff,
1018 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1019 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1020 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1021 env->eip = (uint32_t)ECX;
1022 }
1023 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1024 0, 0xffffffff,
1025 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1026 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1027 DESC_W_MASK | DESC_A_MASK);
1028 cpu_load_eflags(env, (uint32_t)(env->regs[11]), TF_MASK | AC_MASK
1029 | ID_MASK | IF_MASK | IOPL_MASK | VM_MASK | RF_MASK |
1030 NT_MASK);
1031 cpu_x86_set_cpl(env, 3);
1032 } else {
1033 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1034 0, 0xffffffff,
1035 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1036 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1037 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1038 env->eip = (uint32_t)ECX;
1039 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1040 0, 0xffffffff,
1041 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1042 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1043 DESC_W_MASK | DESC_A_MASK);
1044 env->eflags |= IF_MASK;
1045 cpu_x86_set_cpl(env, 3);
1046 }
1047 }
1048 #endif
1049
1050 /* real mode interrupt */
1051 static void do_interrupt_real(int intno, int is_int, int error_code,
1052 unsigned int next_eip)
1053 {
1054 SegmentCache *dt;
1055 target_ulong ptr, ssp;
1056 int selector;
1057 uint32_t offset, esp;
1058 uint32_t old_cs, old_eip;
1059
1060 /* real mode (simpler!) */
1061 dt = &env->idt;
1062 if (intno * 4 + 3 > dt->limit) {
1063 raise_exception_err(env, EXCP0D_GPF, intno * 8 + 2);
1064 }
1065 ptr = dt->base + intno * 4;
1066 offset = lduw_kernel(ptr);
1067 selector = lduw_kernel(ptr + 2);
1068 esp = ESP;
1069 ssp = env->segs[R_SS].base;
1070 if (is_int) {
1071 old_eip = next_eip;
1072 } else {
1073 old_eip = env->eip;
1074 }
1075 old_cs = env->segs[R_CS].selector;
1076 /* XXX: use SS segment size? */
1077 PUSHW(ssp, esp, 0xffff, cpu_compute_eflags(env));
1078 PUSHW(ssp, esp, 0xffff, old_cs);
1079 PUSHW(ssp, esp, 0xffff, old_eip);
1080
1081 /* update processor state */
1082 ESP = (ESP & ~0xffff) | (esp & 0xffff);
1083 env->eip = offset;
1084 env->segs[R_CS].selector = selector;
1085 env->segs[R_CS].base = (selector << 4);
1086 env->eflags &= ~(IF_MASK | TF_MASK | AC_MASK | RF_MASK);
1087 }
1088
1089 #if defined(CONFIG_USER_ONLY)
1090 /* fake user mode interrupt */
1091 static void do_interrupt_user(int intno, int is_int, int error_code,
1092 target_ulong next_eip)
1093 {
1094 SegmentCache *dt;
1095 target_ulong ptr;
1096 int dpl, cpl, shift;
1097 uint32_t e2;
1098
1099 dt = &env->idt;
1100 if (env->hflags & HF_LMA_MASK) {
1101 shift = 4;
1102 } else {
1103 shift = 3;
1104 }
1105 ptr = dt->base + (intno << shift);
1106 e2 = ldl_kernel(ptr + 4);
1107
1108 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1109 cpl = env->hflags & HF_CPL_MASK;
1110 /* check privilege if software int */
1111 if (is_int && dpl < cpl) {
1112 raise_exception_err(env, EXCP0D_GPF, (intno << shift) + 2);
1113 }
1114
1115 /* Since we emulate only user space, we cannot do more than
1116 exiting the emulation with the suitable exception and error
1117 code */
1118 if (is_int) {
1119 EIP = next_eip;
1120 }
1121 }
1122
1123 #else
1124
1125 static void handle_even_inj(int intno, int is_int, int error_code,
1126 int is_hw, int rm)
1127 {
1128 uint32_t event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb,
1129 control.event_inj));
1130
1131 if (!(event_inj & SVM_EVTINJ_VALID)) {
1132 int type;
1133
1134 if (is_int) {
1135 type = SVM_EVTINJ_TYPE_SOFT;
1136 } else {
1137 type = SVM_EVTINJ_TYPE_EXEPT;
1138 }
1139 event_inj = intno | type | SVM_EVTINJ_VALID;
1140 if (!rm && exception_has_error_code(intno)) {
1141 event_inj |= SVM_EVTINJ_VALID_ERR;
1142 stl_phys(env->vm_vmcb + offsetof(struct vmcb,
1143 control.event_inj_err),
1144 error_code);
1145 }
1146 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj),
1147 event_inj);
1148 }
1149 }
1150 #endif
1151
1152 /*
1153 * Begin execution of an interruption. is_int is TRUE if coming from
1154 * the int instruction. next_eip is the EIP value AFTER the interrupt
1155 * instruction. It is only relevant if is_int is TRUE.
1156 */
1157 static void do_interrupt_all(int intno, int is_int, int error_code,
1158 target_ulong next_eip, int is_hw)
1159 {
1160 if (qemu_loglevel_mask(CPU_LOG_INT)) {
1161 if ((env->cr[0] & CR0_PE_MASK)) {
1162 static int count;
1163
1164 qemu_log("%6d: v=%02x e=%04x i=%d cpl=%d IP=%04x:" TARGET_FMT_lx
1165 " pc=" TARGET_FMT_lx " SP=%04x:" TARGET_FMT_lx,
1166 count, intno, error_code, is_int,
1167 env->hflags & HF_CPL_MASK,
1168 env->segs[R_CS].selector, EIP,
1169 (int)env->segs[R_CS].base + EIP,
1170 env->segs[R_SS].selector, ESP);
1171 if (intno == 0x0e) {
1172 qemu_log(" CR2=" TARGET_FMT_lx, env->cr[2]);
1173 } else {
1174 qemu_log(" EAX=" TARGET_FMT_lx, EAX);
1175 }
1176 qemu_log("\n");
1177 log_cpu_state(env, X86_DUMP_CCOP);
1178 #if 0
1179 {
1180 int i;
1181 target_ulong ptr;
1182
1183 qemu_log(" code=");
1184 ptr = env->segs[R_CS].base + env->eip;
1185 for (i = 0; i < 16; i++) {
1186 qemu_log(" %02x", ldub(ptr + i));
1187 }
1188 qemu_log("\n");
1189 }
1190 #endif
1191 count++;
1192 }
1193 }
1194 if (env->cr[0] & CR0_PE_MASK) {
1195 #if !defined(CONFIG_USER_ONLY)
1196 if (env->hflags & HF_SVMI_MASK) {
1197 handle_even_inj(intno, is_int, error_code, is_hw, 0);
1198 }
1199 #endif
1200 #ifdef TARGET_X86_64
1201 if (env->hflags & HF_LMA_MASK) {
1202 do_interrupt64(intno, is_int, error_code, next_eip, is_hw);
1203 } else
1204 #endif
1205 {
1206 do_interrupt_protected(intno, is_int, error_code, next_eip, is_hw);
1207 }
1208 } else {
1209 #if !defined(CONFIG_USER_ONLY)
1210 if (env->hflags & HF_SVMI_MASK) {
1211 handle_even_inj(intno, is_int, error_code, is_hw, 1);
1212 }
1213 #endif
1214 do_interrupt_real(intno, is_int, error_code, next_eip);
1215 }
1216
1217 #if !defined(CONFIG_USER_ONLY)
1218 if (env->hflags & HF_SVMI_MASK) {
1219 uint32_t event_inj = ldl_phys(env->vm_vmcb +
1220 offsetof(struct vmcb,
1221 control.event_inj));
1222
1223 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj),
1224 event_inj & ~SVM_EVTINJ_VALID);
1225 }
1226 #endif
1227 }
1228
1229 void do_interrupt(CPUX86State *env1)
1230 {
1231 CPUX86State *saved_env;
1232
1233 saved_env = env;
1234 env = env1;
1235 #if defined(CONFIG_USER_ONLY)
1236 /* if user mode only, we simulate a fake exception
1237 which will be handled outside the cpu execution
1238 loop */
1239 do_interrupt_user(env->exception_index,
1240 env->exception_is_int,
1241 env->error_code,
1242 env->exception_next_eip);
1243 /* successfully delivered */
1244 env->old_exception = -1;
1245 #else
1246 /* simulate a real cpu exception. On i386, it can
1247 trigger new exceptions, but we do not handle
1248 double or triple faults yet. */
1249 do_interrupt_all(env->exception_index,
1250 env->exception_is_int,
1251 env->error_code,
1252 env->exception_next_eip, 0);
1253 /* successfully delivered */
1254 env->old_exception = -1;
1255 #endif
1256 env = saved_env;
1257 }
1258
1259 void do_interrupt_x86_hardirq(CPUX86State *env1, int intno, int is_hw)
1260 {
1261 CPUX86State *saved_env;
1262
1263 saved_env = env;
1264 env = env1;
1265 do_interrupt_all(intno, 0, 0, 0, is_hw);
1266 env = saved_env;
1267 }
1268
1269 void helper_enter_level(int level, int data32, target_ulong t1)
1270 {
1271 target_ulong ssp;
1272 uint32_t esp_mask, esp, ebp;
1273
1274 esp_mask = get_sp_mask(env->segs[R_SS].flags);
1275 ssp = env->segs[R_SS].base;
1276 ebp = EBP;
1277 esp = ESP;
1278 if (data32) {
1279 /* 32 bit */
1280 esp -= 4;
1281 while (--level) {
1282 esp -= 4;
1283 ebp -= 4;
1284 stl(ssp + (esp & esp_mask), ldl(ssp + (ebp & esp_mask)));
1285 }
1286 esp -= 4;
1287 stl(ssp + (esp & esp_mask), t1);
1288 } else {
1289 /* 16 bit */
1290 esp -= 2;
1291 while (--level) {
1292 esp -= 2;
1293 ebp -= 2;
1294 stw(ssp + (esp & esp_mask), lduw(ssp + (ebp & esp_mask)));
1295 }
1296 esp -= 2;
1297 stw(ssp + (esp & esp_mask), t1);
1298 }
1299 }
1300
1301 #ifdef TARGET_X86_64
1302 void helper_enter64_level(int level, int data64, target_ulong t1)
1303 {
1304 target_ulong esp, ebp;
1305
1306 ebp = EBP;
1307 esp = ESP;
1308
1309 if (data64) {
1310 /* 64 bit */
1311 esp -= 8;
1312 while (--level) {
1313 esp -= 8;
1314 ebp -= 8;
1315 stq(esp, ldq(ebp));
1316 }
1317 esp -= 8;
1318 stq(esp, t1);
1319 } else {
1320 /* 16 bit */
1321 esp -= 2;
1322 while (--level) {
1323 esp -= 2;
1324 ebp -= 2;
1325 stw(esp, lduw(ebp));
1326 }
1327 esp -= 2;
1328 stw(esp, t1);
1329 }
1330 }
1331 #endif
1332
1333 void helper_lldt(int selector)
1334 {
1335 SegmentCache *dt;
1336 uint32_t e1, e2;
1337 int index, entry_limit;
1338 target_ulong ptr;
1339
1340 selector &= 0xffff;
1341 if ((selector & 0xfffc) == 0) {
1342 /* XXX: NULL selector case: invalid LDT */
1343 env->ldt.base = 0;
1344 env->ldt.limit = 0;
1345 } else {
1346 if (selector & 0x4) {
1347 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1348 }
1349 dt = &env->gdt;
1350 index = selector & ~7;
1351 #ifdef TARGET_X86_64
1352 if (env->hflags & HF_LMA_MASK) {
1353 entry_limit = 15;
1354 } else
1355 #endif
1356 {
1357 entry_limit = 7;
1358 }
1359 if ((index + entry_limit) > dt->limit) {
1360 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1361 }
1362 ptr = dt->base + index;
1363 e1 = ldl_kernel(ptr);
1364 e2 = ldl_kernel(ptr + 4);
1365 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2) {
1366 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1367 }
1368 if (!(e2 & DESC_P_MASK)) {
1369 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
1370 }
1371 #ifdef TARGET_X86_64
1372 if (env->hflags & HF_LMA_MASK) {
1373 uint32_t e3;
1374
1375 e3 = ldl_kernel(ptr + 8);
1376 load_seg_cache_raw_dt(&env->ldt, e1, e2);
1377 env->ldt.base |= (target_ulong)e3 << 32;
1378 } else
1379 #endif
1380 {
1381 load_seg_cache_raw_dt(&env->ldt, e1, e2);
1382 }
1383 }
1384 env->ldt.selector = selector;
1385 }
1386
1387 void helper_ltr(int selector)
1388 {
1389 SegmentCache *dt;
1390 uint32_t e1, e2;
1391 int index, type, entry_limit;
1392 target_ulong ptr;
1393
1394 selector &= 0xffff;
1395 if ((selector & 0xfffc) == 0) {
1396 /* NULL selector case: invalid TR */
1397 env->tr.base = 0;
1398 env->tr.limit = 0;
1399 env->tr.flags = 0;
1400 } else {
1401 if (selector & 0x4) {
1402 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1403 }
1404 dt = &env->gdt;
1405 index = selector & ~7;
1406 #ifdef TARGET_X86_64
1407 if (env->hflags & HF_LMA_MASK) {
1408 entry_limit = 15;
1409 } else
1410 #endif
1411 {
1412 entry_limit = 7;
1413 }
1414 if ((index + entry_limit) > dt->limit) {
1415 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1416 }
1417 ptr = dt->base + index;
1418 e1 = ldl_kernel(ptr);
1419 e2 = ldl_kernel(ptr + 4);
1420 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
1421 if ((e2 & DESC_S_MASK) ||
1422 (type != 1 && type != 9)) {
1423 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1424 }
1425 if (!(e2 & DESC_P_MASK)) {
1426 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
1427 }
1428 #ifdef TARGET_X86_64
1429 if (env->hflags & HF_LMA_MASK) {
1430 uint32_t e3, e4;
1431
1432 e3 = ldl_kernel(ptr + 8);
1433 e4 = ldl_kernel(ptr + 12);
1434 if ((e4 >> DESC_TYPE_SHIFT) & 0xf) {
1435 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1436 }
1437 load_seg_cache_raw_dt(&env->tr, e1, e2);
1438 env->tr.base |= (target_ulong)e3 << 32;
1439 } else
1440 #endif
1441 {
1442 load_seg_cache_raw_dt(&env->tr, e1, e2);
1443 }
1444 e2 |= DESC_TSS_BUSY_MASK;
1445 stl_kernel(ptr + 4, e2);
1446 }
1447 env->tr.selector = selector;
1448 }
1449
1450 /* only works if protected mode and not VM86. seg_reg must be != R_CS */
1451 void helper_load_seg(int seg_reg, int selector)
1452 {
1453 uint32_t e1, e2;
1454 int cpl, dpl, rpl;
1455 SegmentCache *dt;
1456 int index;
1457 target_ulong ptr;
1458
1459 selector &= 0xffff;
1460 cpl = env->hflags & HF_CPL_MASK;
1461 if ((selector & 0xfffc) == 0) {
1462 /* null selector case */
1463 if (seg_reg == R_SS
1464 #ifdef TARGET_X86_64
1465 && (!(env->hflags & HF_CS64_MASK) || cpl == 3)
1466 #endif
1467 ) {
1468 raise_exception_err(env, EXCP0D_GPF, 0);
1469 }
1470 cpu_x86_load_seg_cache(env, seg_reg, selector, 0, 0, 0);
1471 } else {
1472
1473 if (selector & 0x4) {
1474 dt = &env->ldt;
1475 } else {
1476 dt = &env->gdt;
1477 }
1478 index = selector & ~7;
1479 if ((index + 7) > dt->limit) {
1480 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1481 }
1482 ptr = dt->base + index;
1483 e1 = ldl_kernel(ptr);
1484 e2 = ldl_kernel(ptr + 4);
1485
1486 if (!(e2 & DESC_S_MASK)) {
1487 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1488 }
1489 rpl = selector & 3;
1490 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1491 if (seg_reg == R_SS) {
1492 /* must be writable segment */
1493 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK)) {
1494 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1495 }
1496 if (rpl != cpl || dpl != cpl) {
1497 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1498 }
1499 } else {
1500 /* must be readable segment */
1501 if ((e2 & (DESC_CS_MASK | DESC_R_MASK)) == DESC_CS_MASK) {
1502 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1503 }
1504
1505 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
1506 /* if not conforming code, test rights */
1507 if (dpl < cpl || dpl < rpl) {
1508 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1509 }
1510 }
1511 }
1512
1513 if (!(e2 & DESC_P_MASK)) {
1514 if (seg_reg == R_SS) {
1515 raise_exception_err(env, EXCP0C_STACK, selector & 0xfffc);
1516 } else {
1517 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
1518 }
1519 }
1520
1521 /* set the access bit if not already set */
1522 if (!(e2 & DESC_A_MASK)) {
1523 e2 |= DESC_A_MASK;
1524 stl_kernel(ptr + 4, e2);
1525 }
1526
1527 cpu_x86_load_seg_cache(env, seg_reg, selector,
1528 get_seg_base(e1, e2),
1529 get_seg_limit(e1, e2),
1530 e2);
1531 #if 0
1532 qemu_log("load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx flags=%08x\n",
1533 selector, (unsigned long)sc->base, sc->limit, sc->flags);
1534 #endif
1535 }
1536 }
1537
1538 /* protected mode jump */
1539 void helper_ljmp_protected(int new_cs, target_ulong new_eip,
1540 int next_eip_addend)
1541 {
1542 int gate_cs, type;
1543 uint32_t e1, e2, cpl, dpl, rpl, limit;
1544 target_ulong next_eip;
1545
1546 if ((new_cs & 0xfffc) == 0) {
1547 raise_exception_err(env, EXCP0D_GPF, 0);
1548 }
1549 if (load_segment(&e1, &e2, new_cs) != 0) {
1550 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1551 }
1552 cpl = env->hflags & HF_CPL_MASK;
1553 if (e2 & DESC_S_MASK) {
1554 if (!(e2 & DESC_CS_MASK)) {
1555 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1556 }
1557 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1558 if (e2 & DESC_C_MASK) {
1559 /* conforming code segment */
1560 if (dpl > cpl) {
1561 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1562 }
1563 } else {
1564 /* non conforming code segment */
1565 rpl = new_cs & 3;
1566 if (rpl > cpl) {
1567 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1568 }
1569 if (dpl != cpl) {
1570 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1571 }
1572 }
1573 if (!(e2 & DESC_P_MASK)) {
1574 raise_exception_err(env, EXCP0B_NOSEG, new_cs & 0xfffc);
1575 }
1576 limit = get_seg_limit(e1, e2);
1577 if (new_eip > limit &&
1578 !(env->hflags & HF_LMA_MASK) && !(e2 & DESC_L_MASK)) {
1579 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1580 }
1581 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
1582 get_seg_base(e1, e2), limit, e2);
1583 EIP = new_eip;
1584 } else {
1585 /* jump to call or task gate */
1586 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1587 rpl = new_cs & 3;
1588 cpl = env->hflags & HF_CPL_MASK;
1589 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
1590 switch (type) {
1591 case 1: /* 286 TSS */
1592 case 9: /* 386 TSS */
1593 case 5: /* task gate */
1594 if (dpl < cpl || dpl < rpl) {
1595 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1596 }
1597 next_eip = env->eip + next_eip_addend;
1598 switch_tss(new_cs, e1, e2, SWITCH_TSS_JMP, next_eip);
1599 CC_OP = CC_OP_EFLAGS;
1600 break;
1601 case 4: /* 286 call gate */
1602 case 12: /* 386 call gate */
1603 if ((dpl < cpl) || (dpl < rpl)) {
1604 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1605 }
1606 if (!(e2 & DESC_P_MASK)) {
1607 raise_exception_err(env, EXCP0B_NOSEG, new_cs & 0xfffc);
1608 }
1609 gate_cs = e1 >> 16;
1610 new_eip = (e1 & 0xffff);
1611 if (type == 12) {
1612 new_eip |= (e2 & 0xffff0000);
1613 }
1614 if (load_segment(&e1, &e2, gate_cs) != 0) {
1615 raise_exception_err(env, EXCP0D_GPF, gate_cs & 0xfffc);
1616 }
1617 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1618 /* must be code segment */
1619 if (((e2 & (DESC_S_MASK | DESC_CS_MASK)) !=
1620 (DESC_S_MASK | DESC_CS_MASK))) {
1621 raise_exception_err(env, EXCP0D_GPF, gate_cs & 0xfffc);
1622 }
1623 if (((e2 & DESC_C_MASK) && (dpl > cpl)) ||
1624 (!(e2 & DESC_C_MASK) && (dpl != cpl))) {
1625 raise_exception_err(env, EXCP0D_GPF, gate_cs & 0xfffc);
1626 }
1627 if (!(e2 & DESC_P_MASK)) {
1628 raise_exception_err(env, EXCP0D_GPF, gate_cs & 0xfffc);
1629 }
1630 limit = get_seg_limit(e1, e2);
1631 if (new_eip > limit) {
1632 raise_exception_err(env, EXCP0D_GPF, 0);
1633 }
1634 cpu_x86_load_seg_cache(env, R_CS, (gate_cs & 0xfffc) | cpl,
1635 get_seg_base(e1, e2), limit, e2);
1636 EIP = new_eip;
1637 break;
1638 default:
1639 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1640 break;
1641 }
1642 }
1643 }
1644
1645 /* real mode call */
1646 void helper_lcall_real(int new_cs, target_ulong new_eip1,
1647 int shift, int next_eip)
1648 {
1649 int new_eip;
1650 uint32_t esp, esp_mask;
1651 target_ulong ssp;
1652
1653 new_eip = new_eip1;
1654 esp = ESP;
1655 esp_mask = get_sp_mask(env->segs[R_SS].flags);
1656 ssp = env->segs[R_SS].base;
1657 if (shift) {
1658 PUSHL(ssp, esp, esp_mask, env->segs[R_CS].selector);
1659 PUSHL(ssp, esp, esp_mask, next_eip);
1660 } else {
1661 PUSHW(ssp, esp, esp_mask, env->segs[R_CS].selector);
1662 PUSHW(ssp, esp, esp_mask, next_eip);
1663 }
1664
1665 SET_ESP(esp, esp_mask);
1666 env->eip = new_eip;
1667 env->segs[R_CS].selector = new_cs;
1668 env->segs[R_CS].base = (new_cs << 4);
1669 }
1670
1671 /* protected mode call */
1672 void helper_lcall_protected(int new_cs, target_ulong new_eip,
1673 int shift, int next_eip_addend)
1674 {
1675 int new_stack, i;
1676 uint32_t e1, e2, cpl, dpl, rpl, selector, offset, param_count;
1677 uint32_t ss = 0, ss_e1 = 0, ss_e2 = 0, sp, type, ss_dpl, sp_mask;
1678 uint32_t val, limit, old_sp_mask;
1679 target_ulong ssp, old_ssp, next_eip;
1680
1681 next_eip = env->eip + next_eip_addend;
1682 LOG_PCALL("lcall %04x:%08x s=%d\n", new_cs, (uint32_t)new_eip, shift);
1683 LOG_PCALL_STATE(env);
1684 if ((new_cs & 0xfffc) == 0) {
1685 raise_exception_err(env, EXCP0D_GPF, 0);
1686 }
1687 if (load_segment(&e1, &e2, new_cs) != 0) {
1688 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1689 }
1690 cpl = env->hflags & HF_CPL_MASK;
1691 LOG_PCALL("desc=%08x:%08x\n", e1, e2);
1692 if (e2 & DESC_S_MASK) {
1693 if (!(e2 & DESC_CS_MASK)) {
1694 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1695 }
1696 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1697 if (e2 & DESC_C_MASK) {
1698 /* conforming code segment */
1699 if (dpl > cpl) {
1700 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1701 }
1702 } else {
1703 /* non conforming code segment */
1704 rpl = new_cs & 3;
1705 if (rpl > cpl) {
1706 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1707 }
1708 if (dpl != cpl) {
1709 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1710 }
1711 }
1712 if (!(e2 & DESC_P_MASK)) {
1713 raise_exception_err(env, EXCP0B_NOSEG, new_cs & 0xfffc);
1714 }
1715
1716 #ifdef TARGET_X86_64
1717 /* XXX: check 16/32 bit cases in long mode */
1718 if (shift == 2) {
1719 target_ulong rsp;
1720
1721 /* 64 bit case */
1722 rsp = ESP;
1723 PUSHQ(rsp, env->segs[R_CS].selector);
1724 PUSHQ(rsp, next_eip);
1725 /* from this point, not restartable */
1726 ESP = rsp;
1727 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
1728 get_seg_base(e1, e2),
1729 get_seg_limit(e1, e2), e2);
1730 EIP = new_eip;
1731 } else
1732 #endif
1733 {
1734 sp = ESP;
1735 sp_mask = get_sp_mask(env->segs[R_SS].flags);
1736 ssp = env->segs[R_SS].base;
1737 if (shift) {
1738 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
1739 PUSHL(ssp, sp, sp_mask, next_eip);
1740 } else {
1741 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
1742 PUSHW(ssp, sp, sp_mask, next_eip);
1743 }
1744
1745 limit = get_seg_limit(e1, e2);
1746 if (new_eip > limit) {
1747 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1748 }
1749 /* from this point, not restartable */
1750 SET_ESP(sp, sp_mask);
1751 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
1752 get_seg_base(e1, e2), limit, e2);
1753 EIP = new_eip;
1754 }
1755 } else {
1756 /* check gate type */
1757 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
1758 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1759 rpl = new_cs & 3;
1760 switch (type) {
1761 case 1: /* available 286 TSS */
1762 case 9: /* available 386 TSS */
1763 case 5: /* task gate */
1764 if (dpl < cpl || dpl < rpl) {
1765 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1766 }
1767 switch_tss(new_cs, e1, e2, SWITCH_TSS_CALL, next_eip);
1768 CC_OP = CC_OP_EFLAGS;
1769 return;
1770 case 4: /* 286 call gate */
1771 case 12: /* 386 call gate */
1772 break;
1773 default:
1774 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1775 break;
1776 }
1777 shift = type >> 3;
1778
1779 if (dpl < cpl || dpl < rpl) {
1780 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
1781 }
1782 /* check valid bit */
1783 if (!(e2 & DESC_P_MASK)) {
1784 raise_exception_err(env, EXCP0B_NOSEG, new_cs & 0xfffc);
1785 }
1786 selector = e1 >> 16;
1787 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
1788 param_count = e2 & 0x1f;
1789 if ((selector & 0xfffc) == 0) {
1790 raise_exception_err(env, EXCP0D_GPF, 0);
1791 }
1792
1793 if (load_segment(&e1, &e2, selector) != 0) {
1794 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1795 }
1796 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK))) {
1797 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1798 }
1799 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1800 if (dpl > cpl) {
1801 raise_exception_err(env, EXCP0D_GPF, selector & 0xfffc);
1802 }
1803 if (!(e2 & DESC_P_MASK)) {
1804 raise_exception_err(env, EXCP0B_NOSEG, selector & 0xfffc);
1805 }
1806
1807 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
1808 /* to inner privilege */
1809 get_ss_esp_from_tss(&ss, &sp, dpl);
1810 LOG_PCALL("new ss:esp=%04x:%08x param_count=%d ESP=" TARGET_FMT_lx
1811 "\n",
1812 ss, sp, param_count, ESP);
1813 if ((ss & 0xfffc) == 0) {
1814 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1815 }
1816 if ((ss & 3) != dpl) {
1817 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1818 }
1819 if (load_segment(&ss_e1, &ss_e2, ss) != 0) {
1820 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1821 }
1822 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
1823 if (ss_dpl != dpl) {
1824 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1825 }
1826 if (!(ss_e2 & DESC_S_MASK) ||
1827 (ss_e2 & DESC_CS_MASK) ||
1828 !(ss_e2 & DESC_W_MASK)) {
1829 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1830 }
1831 if (!(ss_e2 & DESC_P_MASK)) {
1832 raise_exception_err(env, EXCP0A_TSS, ss & 0xfffc);
1833 }
1834
1835 /* push_size = ((param_count * 2) + 8) << shift; */
1836
1837 old_sp_mask = get_sp_mask(env->segs[R_SS].flags);
1838 old_ssp = env->segs[R_SS].base;
1839
1840 sp_mask = get_sp_mask(ss_e2);
1841 ssp = get_seg_base(ss_e1, ss_e2);
1842 if (shift) {
1843 PUSHL(ssp, sp, sp_mask, env->segs[R_SS].selector);
1844 PUSHL(ssp, sp, sp_mask, ESP);
1845 for (i = param_count - 1; i >= 0; i--) {
1846 val = ldl_kernel(old_ssp + ((ESP + i * 4) & old_sp_mask));
1847 PUSHL(ssp, sp, sp_mask, val);
1848 }
1849 } else {
1850 PUSHW(ssp, sp, sp_mask, env->segs[R_SS].selector);
1851 PUSHW(ssp, sp, sp_mask, ESP);
1852 for (i = param_count - 1; i >= 0; i--) {
1853 val = lduw_kernel(old_ssp + ((ESP + i * 2) & old_sp_mask));
1854 PUSHW(ssp, sp, sp_mask, val);
1855 }
1856 }
1857 new_stack = 1;
1858 } else {
1859 /* to same privilege */
1860 sp = ESP;
1861 sp_mask = get_sp_mask(env->segs[R_SS].flags);
1862 ssp = env->segs[R_SS].base;
1863 /* push_size = (4 << shift); */
1864 new_stack = 0;
1865 }
1866
1867 if (shift) {
1868 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
1869 PUSHL(ssp, sp, sp_mask, next_eip);
1870 } else {
1871 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
1872 PUSHW(ssp, sp, sp_mask, next_eip);
1873 }
1874
1875 /* from this point, not restartable */
1876
1877 if (new_stack) {
1878 ss = (ss & ~3) | dpl;
1879 cpu_x86_load_seg_cache(env, R_SS, ss,
1880 ssp,
1881 get_seg_limit(ss_e1, ss_e2),
1882 ss_e2);
1883 }
1884
1885 selector = (selector & ~3) | dpl;
1886 cpu_x86_load_seg_cache(env, R_CS, selector,
1887 get_seg_base(e1, e2),
1888 get_seg_limit(e1, e2),
1889 e2);
1890 cpu_x86_set_cpl(env, dpl);
1891 SET_ESP(sp, sp_mask);
1892 EIP = offset;
1893 }
1894 }
1895
1896 /* real and vm86 mode iret */
1897 void helper_iret_real(int shift)
1898 {
1899 uint32_t sp, new_cs, new_eip, new_eflags, sp_mask;
1900 target_ulong ssp;
1901 int eflags_mask;
1902
1903 sp_mask = 0xffff; /* XXXX: use SS segment size? */
1904 sp = ESP;
1905 ssp = env->segs[R_SS].base;
1906 if (shift == 1) {
1907 /* 32 bits */
1908 POPL(ssp, sp, sp_mask, new_eip);
1909 POPL(ssp, sp, sp_mask, new_cs);
1910 new_cs &= 0xffff;
1911 POPL(ssp, sp, sp_mask, new_eflags);
1912 } else {
1913 /* 16 bits */
1914 POPW(ssp, sp, sp_mask, new_eip);
1915 POPW(ssp, sp, sp_mask, new_cs);
1916 POPW(ssp, sp, sp_mask, new_eflags);
1917 }
1918 ESP = (ESP & ~sp_mask) | (sp & sp_mask);
1919 env->segs[R_CS].selector = new_cs;
1920 env->segs[R_CS].base = (new_cs << 4);
1921 env->eip = new_eip;
1922 if (env->eflags & VM_MASK) {
1923 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | RF_MASK |
1924 NT_MASK;
1925 } else {
1926 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | IOPL_MASK |
1927 RF_MASK | NT_MASK;
1928 }
1929 if (shift == 0) {
1930 eflags_mask &= 0xffff;
1931 }
1932 cpu_load_eflags(env, new_eflags, eflags_mask);
1933 env->hflags2 &= ~HF2_NMI_MASK;
1934 }
1935
1936 static inline void validate_seg(int seg_reg, int cpl)
1937 {
1938 int dpl;
1939 uint32_t e2;
1940
1941 /* XXX: on x86_64, we do not want to nullify FS and GS because
1942 they may still contain a valid base. I would be interested to
1943 know how a real x86_64 CPU behaves */
1944 if ((seg_reg == R_FS || seg_reg == R_GS) &&
1945 (env->segs[seg_reg].selector & 0xfffc) == 0) {
1946 return;
1947 }
1948
1949 e2 = env->segs[seg_reg].flags;
1950 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1951 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
1952 /* data or non conforming code segment */
1953 if (dpl < cpl) {
1954 cpu_x86_load_seg_cache(env, seg_reg, 0, 0, 0, 0);
1955 }
1956 }
1957 }
1958
1959 /* protected mode iret */
1960 static inline void helper_ret_protected(int shift, int is_iret, int addend)
1961 {
1962 uint32_t new_cs, new_eflags, new_ss;
1963 uint32_t new_es, new_ds, new_fs, new_gs;
1964 uint32_t e1, e2, ss_e1, ss_e2;
1965 int cpl, dpl, rpl, eflags_mask, iopl;
1966 target_ulong ssp, sp, new_eip, new_esp, sp_mask;
1967
1968 #ifdef TARGET_X86_64
1969 if (shift == 2) {
1970 sp_mask = -1;
1971 } else
1972 #endif
1973 {
1974 sp_mask = get_sp_mask(env->segs[R_SS].flags);
1975 }
1976 sp = ESP;
1977 ssp = env->segs[R_SS].base;
1978 new_eflags = 0; /* avoid warning */
1979 #ifdef TARGET_X86_64
1980 if (shift == 2) {
1981 POPQ(sp, new_eip);
1982 POPQ(sp, new_cs);
1983 new_cs &= 0xffff;
1984 if (is_iret) {
1985 POPQ(sp, new_eflags);
1986 }
1987 } else
1988 #endif
1989 {
1990 if (shift == 1) {
1991 /* 32 bits */
1992 POPL(ssp, sp, sp_mask, new_eip);
1993 POPL(ssp, sp, sp_mask, new_cs);
1994 new_cs &= 0xffff;
1995 if (is_iret) {
1996 POPL(ssp, sp, sp_mask, new_eflags);
1997 if (new_eflags & VM_MASK) {
1998 goto return_to_vm86;
1999 }
2000 }
2001 } else {
2002 /* 16 bits */
2003 POPW(ssp, sp, sp_mask, new_eip);
2004 POPW(ssp, sp, sp_mask, new_cs);
2005 if (is_iret) {
2006 POPW(ssp, sp, sp_mask, new_eflags);
2007 }
2008 }
2009 }
2010 LOG_PCALL("lret new %04x:" TARGET_FMT_lx " s=%d addend=0x%x\n",
2011 new_cs, new_eip, shift, addend);
2012 LOG_PCALL_STATE(env);
2013 if ((new_cs & 0xfffc) == 0) {
2014 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2015 }
2016 if (load_segment(&e1, &e2, new_cs) != 0) {
2017 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2018 }
2019 if (!(e2 & DESC_S_MASK) ||
2020 !(e2 & DESC_CS_MASK)) {
2021 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2022 }
2023 cpl = env->hflags & HF_CPL_MASK;
2024 rpl = new_cs & 3;
2025 if (rpl < cpl) {
2026 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2027 }
2028 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2029 if (e2 & DESC_C_MASK) {
2030 if (dpl > rpl) {
2031 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2032 }
2033 } else {
2034 if (dpl != rpl) {
2035 raise_exception_err(env, EXCP0D_GPF, new_cs & 0xfffc);
2036 }
2037 }
2038 if (!(e2 & DESC_P_MASK)) {
2039 raise_exception_err(env, EXCP0B_NOSEG, new_cs & 0xfffc);
2040 }
2041
2042 sp += addend;
2043 if (rpl == cpl && (!(env->hflags & HF_CS64_MASK) ||
2044 ((env->hflags & HF_CS64_MASK) && !is_iret))) {
2045 /* return to same privilege level */
2046 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2047 get_seg_base(e1, e2),
2048 get_seg_limit(e1, e2),
2049 e2);
2050 } else {
2051 /* return to different privilege level */
2052 #ifdef TARGET_X86_64
2053 if (shift == 2) {
2054 POPQ(sp, new_esp);
2055 POPQ(sp, new_ss);
2056 new_ss &= 0xffff;
2057 } else
2058 #endif
2059 {
2060 if (shift == 1) {
2061 /* 32 bits */
2062 POPL(ssp, sp, sp_mask, new_esp);
2063 POPL(ssp, sp, sp_mask, new_ss);
2064 new_ss &= 0xffff;
2065 } else {
2066 /* 16 bits */
2067 POPW(ssp, sp, sp_mask, new_esp);
2068 POPW(ssp, sp, sp_mask, new_ss);
2069 }
2070 }
2071 LOG_PCALL("new ss:esp=%04x:" TARGET_FMT_lx "\n",
2072 new_ss, new_esp);
2073 if ((new_ss & 0xfffc) == 0) {
2074 #ifdef TARGET_X86_64
2075 /* NULL ss is allowed in long mode if cpl != 3 */
2076 /* XXX: test CS64? */
2077 if ((env->hflags & HF_LMA_MASK) && rpl != 3) {
2078 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2079 0, 0xffffffff,
2080 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2081 DESC_S_MASK | (rpl << DESC_DPL_SHIFT) |
2082 DESC_W_MASK | DESC_A_MASK);
2083 ss_e2 = DESC_B_MASK; /* XXX: should not be needed? */
2084 } else
2085 #endif
2086 {
2087 raise_exception_err(env, EXCP0D_GPF, 0);
2088 }
2089 } else {
2090 if ((new_ss & 3) != rpl) {
2091 raise_exception_err(env, EXCP0D_GPF, new_ss & 0xfffc);
2092 }
2093 if (load_segment(&ss_e1, &ss_e2, new_ss) != 0) {
2094 raise_exception_err(env, EXCP0D_GPF, new_ss & 0xfffc);
2095 }
2096 if (!(ss_e2 & DESC_S_MASK) ||
2097 (ss_e2 & DESC_CS_MASK) ||
2098 !(ss_e2 & DESC_W_MASK)) {
2099 raise_exception_err(env, EXCP0D_GPF, new_ss & 0xfffc);
2100 }
2101 dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2102 if (dpl != rpl) {
2103 raise_exception_err(env, EXCP0D_GPF, new_ss & 0xfffc);
2104 }
2105 if (!(ss_e2 & DESC_P_MASK)) {
2106 raise_exception_err(env, EXCP0B_NOSEG, new_ss & 0xfffc);
2107 }
2108 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2109 get_seg_base(ss_e1, ss_e2),
2110 get_seg_limit(ss_e1, ss_e2),
2111 ss_e2);
2112 }
2113
2114 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2115 get_seg_base(e1, e2),
2116 get_seg_limit(e1, e2),
2117 e2);
2118 cpu_x86_set_cpl(env, rpl);
2119 sp = new_esp;
2120 #ifdef TARGET_X86_64
2121 if (env->hflags & HF_CS64_MASK) {
2122 sp_mask = -1;
2123 } else
2124 #endif
2125 {
2126 sp_mask = get_sp_mask(ss_e2);
2127 }
2128
2129 /* validate data segments */
2130 validate_seg(R_ES, rpl);
2131 validate_seg(R_DS, rpl);
2132 validate_seg(R_FS, rpl);
2133 validate_seg(R_GS, rpl);
2134
2135 sp += addend;
2136 }
2137 SET_ESP(sp, sp_mask);
2138 env->eip = new_eip;
2139 if (is_iret) {
2140 /* NOTE: 'cpl' is the _old_ CPL */
2141 eflags_mask = TF_MASK | AC_MASK | ID_MASK | RF_MASK | NT_MASK;
2142 if (cpl == 0) {
2143 eflags_mask |= IOPL_MASK;
2144 }
2145 iopl = (env->eflags >> IOPL_SHIFT) & 3;
2146 if (cpl <= iopl) {
2147 eflags_mask |= IF_MASK;
2148 }
2149 if (shift == 0) {
2150 eflags_mask &= 0xffff;
2151 }
2152 cpu_load_eflags(env, new_eflags, eflags_mask);
2153 }
2154 return;
2155
2156 return_to_vm86:
2157 POPL(ssp, sp, sp_mask, new_esp);
2158 POPL(ssp, sp, sp_mask, new_ss);
2159 POPL(ssp, sp, sp_mask, new_es);
2160 POPL(ssp, sp, sp_mask, new_ds);
2161 POPL(ssp, sp, sp_mask, new_fs);
2162 POPL(ssp, sp, sp_mask, new_gs);
2163
2164 /* modify processor state */
2165 cpu_load_eflags(env, new_eflags, TF_MASK | AC_MASK | ID_MASK |
2166 IF_MASK | IOPL_MASK | VM_MASK | NT_MASK | VIF_MASK |
2167 VIP_MASK);
2168 load_seg_vm(R_CS, new_cs & 0xffff);
2169 cpu_x86_set_cpl(env, 3);
2170 load_seg_vm(R_SS, new_ss & 0xffff);
2171 load_seg_vm(R_ES, new_es & 0xffff);
2172 load_seg_vm(R_DS, new_ds & 0xffff);
2173 load_seg_vm(R_FS, new_fs & 0xffff);
2174 load_seg_vm(R_GS, new_gs & 0xffff);
2175
2176 env->eip = new_eip & 0xffff;
2177 ESP = new_esp;
2178 }
2179
2180 void helper_iret_protected(int shift, int next_eip)
2181 {
2182 int tss_selector, type;
2183 uint32_t e1, e2;
2184
2185 /* specific case for TSS */
2186 if (env->eflags & NT_MASK) {
2187 #ifdef TARGET_X86_64
2188 if (env->hflags & HF_LMA_MASK) {
2189 raise_exception_err(env, EXCP0D_GPF, 0);
2190 }
2191 #endif
2192 tss_selector = lduw_kernel(env->tr.base + 0);
2193 if (tss_selector & 4) {
2194 raise_exception_err(env, EXCP0A_TSS, tss_selector & 0xfffc);
2195 }
2196 if (load_segment(&e1, &e2, tss_selector) != 0) {
2197 raise_exception_err(env, EXCP0A_TSS, tss_selector & 0xfffc);
2198 }
2199 type = (e2 >> DESC_TYPE_SHIFT) & 0x17;
2200 /* NOTE: we check both segment and busy TSS */
2201 if (type != 3) {
2202 raise_exception_err(env, EXCP0A_TSS, tss_selector & 0xfffc);
2203 }
2204 switch_tss(tss_selector, e1, e2, SWITCH_TSS_IRET, next_eip);
2205 } else {
2206 helper_ret_protected(shift, 1, 0);
2207 }
2208 env->hflags2 &= ~HF2_NMI_MASK;
2209 }
2210
2211 void helper_lret_protected(int shift, int addend)
2212 {
2213 helper_ret_protected(shift, 0, addend);
2214 }
2215
2216 void helper_sysenter(void)
2217 {
2218 if (env->sysenter_cs == 0) {
2219 raise_exception_err(env, EXCP0D_GPF, 0);
2220 }
2221 env->eflags &= ~(VM_MASK | IF_MASK | RF_MASK);
2222 cpu_x86_set_cpl(env, 0);
2223
2224 #ifdef TARGET_X86_64
2225 if (env->hflags & HF_LMA_MASK) {
2226 cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2227 0, 0xffffffff,
2228 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2229 DESC_S_MASK |
2230 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
2231 DESC_L_MASK);
2232 } else
2233 #endif
2234 {
2235 cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2236 0, 0xffffffff,
2237 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2238 DESC_S_MASK |
2239 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2240 }
2241 cpu_x86_load_seg_cache(env, R_SS, (env->sysenter_cs + 8) & 0xfffc,
2242 0, 0xffffffff,
2243 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2244 DESC_S_MASK |
2245 DESC_W_MASK | DESC_A_MASK);
2246 ESP = env->sysenter_esp;
2247 EIP = env->sysenter_eip;
2248 }
2249
2250 void helper_sysexit(int dflag)
2251 {
2252 int cpl;
2253
2254 cpl = env->hflags & HF_CPL_MASK;
2255 if (env->sysenter_cs == 0 || cpl != 0) {
2256 raise_exception_err(env, EXCP0D_GPF, 0);
2257 }
2258 cpu_x86_set_cpl(env, 3);
2259 #ifdef TARGET_X86_64
2260 if (dflag == 2) {
2261 cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 32) & 0xfffc) |
2262 3, 0, 0xffffffff,
2263 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2264 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2265 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
2266 DESC_L_MASK);
2267 cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 40) & 0xfffc) |
2268 3, 0, 0xffffffff,
2269 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2270 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2271 DESC_W_MASK | DESC_A_MASK);
2272 } else
2273 #endif
2274 {
2275 cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 16) & 0xfffc) |
2276 3, 0, 0xffffffff,
2277 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2278 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2279 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2280 cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 24) & 0xfffc) |
2281 3, 0, 0xffffffff,
2282 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2283 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2284 DESC_W_MASK | DESC_A_MASK);
2285 }
2286 ESP = ECX;
2287 EIP = EDX;
2288 }
2289
2290 target_ulong helper_lsl(target_ulong selector1)
2291 {
2292 unsigned int limit;
2293 uint32_t e1, e2, eflags, selector;
2294 int rpl, dpl, cpl, type;
2295
2296 selector = selector1 & 0xffff;
2297 eflags = helper_cc_compute_all(CC_OP);
2298 if ((selector & 0xfffc) == 0) {
2299 goto fail;
2300 }
2301 if (load_segment(&e1, &e2, selector) != 0) {
2302 goto fail;
2303 }
2304 rpl = selector & 3;
2305 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2306 cpl = env->hflags & HF_CPL_MASK;
2307 if (e2 & DESC_S_MASK) {
2308 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
2309 /* conforming */
2310 } else {
2311 if (dpl < cpl || dpl < rpl) {
2312 goto fail;
2313 }
2314 }
2315 } else {
2316 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2317 switch (type) {
2318 case 1:
2319 case 2:
2320 case 3:
2321 case 9:
2322 case 11:
2323 break;
2324 default:
2325 goto fail;
2326 }
2327 if (dpl < cpl || dpl < rpl) {
2328 fail:
2329 CC_SRC = eflags & ~CC_Z;
2330 return 0;
2331 }
2332 }
2333 limit = get_seg_limit(e1, e2);
2334 CC_SRC = eflags | CC_Z;
2335 return limit;
2336 }
2337
2338 target_ulong helper_lar(target_ulong selector1)
2339 {
2340 uint32_t e1, e2, eflags, selector;
2341 int rpl, dpl, cpl, type;
2342
2343 selector = selector1 & 0xffff;
2344 eflags = helper_cc_compute_all(CC_OP);
2345 if ((selector & 0xfffc) == 0) {
2346 goto fail;
2347 }
2348 if (load_segment(&e1, &e2, selector) != 0) {
2349 goto fail;
2350 }
2351 rpl = selector & 3;
2352 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2353 cpl = env->hflags & HF_CPL_MASK;
2354 if (e2 & DESC_S_MASK) {
2355 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
2356 /* conforming */
2357 } else {
2358 if (dpl < cpl || dpl < rpl) {
2359 goto fail;
2360 }
2361 }
2362 } else {
2363 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2364 switch (type) {
2365 case 1:
2366 case 2:
2367 case 3:
2368 case 4:
2369 case 5:
2370 case 9:
2371 case 11:
2372 case 12:
2373 break;
2374 default:
2375 goto fail;
2376 }
2377 if (dpl < cpl || dpl < rpl) {
2378 fail:
2379 CC_SRC = eflags & ~CC_Z;
2380 return 0;
2381 }
2382 }
2383 CC_SRC = eflags | CC_Z;
2384 return e2 & 0x00f0ff00;
2385 }
2386
2387 void helper_verr(target_ulong selector1)
2388 {
2389 uint32_t e1, e2, eflags, selector;
2390 int rpl, dpl, cpl;
2391
2392 selector = selector1 & 0xffff;
2393 eflags = helper_cc_compute_all(CC_OP);
2394 if ((selector & 0xfffc) == 0) {
2395 goto fail;
2396 }
2397 if (load_segment(&e1, &e2, selector) != 0) {
2398 goto fail;
2399 }
2400 if (!(e2 & DESC_S_MASK)) {
2401 goto fail;
2402 }
2403 rpl = selector & 3;
2404 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2405 cpl = env->hflags & HF_CPL_MASK;
2406 if (e2 & DESC_CS_MASK) {
2407 if (!(e2 & DESC_R_MASK)) {
2408 goto fail;
2409 }
2410 if (!(e2 & DESC_C_MASK)) {
2411 if (dpl < cpl || dpl < rpl) {
2412 goto fail;
2413 }
2414 }
2415 } else {
2416 if (dpl < cpl || dpl < rpl) {
2417 fail:
2418 CC_SRC = eflags & ~CC_Z;
2419 return;
2420 }
2421 }
2422 CC_SRC = eflags | CC_Z;
2423 }
2424
2425 void helper_verw(target_ulong selector1)
2426 {
2427 uint32_t e1, e2, eflags, selector;
2428 int rpl, dpl, cpl;
2429
2430 selector = selector1 & 0xffff;
2431 eflags = helper_cc_compute_all(CC_OP);
2432 if ((selector & 0xfffc) == 0) {
2433 goto fail;
2434 }
2435 if (load_segment(&e1, &e2, selector) != 0) {
2436 goto fail;
2437 }
2438 if (!(e2 & DESC_S_MASK)) {
2439 goto fail;
2440 }
2441 rpl = selector & 3;
2442 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2443 cpl = env->hflags & HF_CPL_MASK;
2444 if (e2 & DESC_CS_MASK) {
2445 goto fail;
2446 } else {
2447 if (dpl < cpl || dpl < rpl) {
2448 goto fail;
2449 }
2450 if (!(e2 & DESC_W_MASK)) {
2451 fail:
2452 CC_SRC = eflags & ~CC_Z;
2453 return;
2454 }
2455 }
2456 CC_SRC = eflags | CC_Z;
2457 }
2458
2459 #if defined(CONFIG_USER_ONLY)
2460 void cpu_x86_load_seg(CPUX86State *s, int seg_reg, int selector)
2461 {
2462 CPUX86State *saved_env;
2463
2464 saved_env = env;
2465 env = s;
2466 if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
2467 selector &= 0xffff;
2468 cpu_x86_load_seg_cache(env, seg_reg, selector,
2469 (selector << 4), 0xffff, 0);
2470 } else {
2471 helper_load_seg(seg_reg, selector);
2472 }
2473 env = saved_env;
2474 }
2475 #endif
Qemu with PowerPC KVM improvements