linux-user/i386/cpu_loop.c

   1 /*
   2  *  qemu user cpu loop
   3  *
   4  *  Copyright (c) 2003-2008 Fabrice Bellard
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 2 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "qemu/osdep.h"
  21 #include "qemu.h"
  22 #include "qemu/timer.h"
  23 #include "user-internals.h"
  24 #include "cpu_loop-common.h"
  25 #include "signal-common.h"
  26 #include "user-mmap.h"
  27
  28 /***********************************************************/
  29 /* CPUX86 core interface */
  30
  31 uint64_t cpu_get_tsc(CPUX86State *env)
  32 {
  33     return cpu_get_host_ticks();
  34 }
  35
  36 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
  37               int flags)
  38 {
  39     unsigned int e1, e2;
  40     uint32_t *p;
  41     e1 = (addr << 16) | (limit & 0xffff);
  42     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
  43     e2 |= flags;
  44     p = ptr;
  45     p[0] = tswap32(e1);
  46     p[1] = tswap32(e2);
  47 }
  48
  49 static uint64_t *idt_table;
  50
  51 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
  52                        uint64_t addr, unsigned int sel)
  53 {
  54     uint32_t *p, e1, e2;
  55     e1 = (addr & 0xffff) | (sel << 16);
  56     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
  57     p = ptr;
  58     p[0] = tswap32(e1);
  59     p[1] = tswap32(e2);
  60     p[2] = tswap32(addr >> 32);
  61     p[3] = 0;
  62 }
  63
  64 #ifdef TARGET_X86_64
  65 /* only dpl matters as we do only user space emulation */
  66 static void set_idt(int n, unsigned int dpl, bool is64)
  67 {
  68     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
  69 }
  70 #else
  71 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
  72                      uint32_t addr, unsigned int sel)
  73 {
  74     uint32_t *p, e1, e2;
  75     e1 = (addr & 0xffff) | (sel << 16);
  76     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
  77     p = ptr;
  78     p[0] = tswap32(e1);
  79     p[1] = tswap32(e2);
  80 }
  81
  82 /* only dpl matters as we do only user space emulation */
  83 static void set_idt(int n, unsigned int dpl, bool is64)
  84 {
  85     if (is64) {
  86         set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
  87     } else {
  88         set_gate(idt_table + n, 0, dpl, 0, 0);
  89     }
  90 }
  91 #endif
  92
  93 #ifdef TARGET_X86_64
  94 static bool write_ok_or_segv(CPUX86State *env, abi_ptr addr, size_t len)
  95 {
  96     /*
  97      * For all the vsyscalls, NULL means "don't write anything" not
  98      * "write it at address 0".
  99      */
 100     if (addr == 0 || access_ok(env_cpu(env), VERIFY_WRITE, addr, len)) {
 101         return true;
 102     }
 103
 104     env->error_code = PG_ERROR_W_MASK | PG_ERROR_U_MASK;
 105     force_sig_fault(TARGET_SIGSEGV, TARGET_SEGV_MAPERR, addr);
 106     return false;
 107 }
 108
 109 /*
 110  * Since v3.1, the kernel traps and emulates the vsyscall page.
 111  * Entry points other than the official generate SIGSEGV.
 112  */
 113 static void emulate_vsyscall(CPUX86State *env)
 114 {
 115     int syscall;
 116     abi_ulong ret;
 117     uint64_t caller;
 118
 119     /*
 120      * Validate the entry point.  We have already validated the page
 121      * during translation to get here; now verify the offset.
 122      */
 123     switch (env->eip & ~TARGET_PAGE_MASK) {
 124     case 0x000:
 125         syscall = TARGET_NR_gettimeofday;
 126         break;
 127     case 0x400:
 128         syscall = TARGET_NR_time;
 129         break;
 130     case 0x800:
 131         syscall = TARGET_NR_getcpu;
 132         break;
 133     default:
 134         goto sigsegv;
 135     }
 136
 137     /*
 138      * Validate the return address.
 139      * Note that the kernel treats this the same as an invalid entry point.
 140      */
 141     if (get_user_u64(caller, env->regs[R_ESP])) {
 142         goto sigsegv;
 143     }
 144
 145     /*
 146      * Validate the pointer arguments.
 147      */
 148     switch (syscall) {
 149     case TARGET_NR_gettimeofday:
 150         if (!write_ok_or_segv(env, env->regs[R_EDI],
 151                               sizeof(struct target_timeval)) ||
 152             !write_ok_or_segv(env, env->regs[R_ESI],
 153                               sizeof(struct target_timezone))) {
 154             return;
 155         }
 156         break;
 157     case TARGET_NR_time:
 158         if (!write_ok_or_segv(env, env->regs[R_EDI], sizeof(abi_long))) {
 159             return;
 160         }
 161         break;
 162     case TARGET_NR_getcpu:
 163         if (!write_ok_or_segv(env, env->regs[R_EDI], sizeof(uint32_t)) ||
 164             !write_ok_or_segv(env, env->regs[R_ESI], sizeof(uint32_t))) {
 165             return;
 166         }
 167         break;
 168     default:
 169         g_assert_not_reached();
 170     }
 171
 172     /*
 173      * Perform the syscall.  None of the vsyscalls should need restarting.
 174      */
 175     get_task_state(env_cpu(env))->orig_ax = syscall;
 176     ret = do_syscall(env, syscall, env->regs[R_EDI], env->regs[R_ESI],
 177                      env->regs[R_EDX], env->regs[10], env->regs[8],
 178                      env->regs[9], 0, 0);
 179     g_assert(ret != -QEMU_ERESTARTSYS);
 180     g_assert(ret != -QEMU_ESIGRETURN);
 181     if (ret == -TARGET_EFAULT) {
 182         goto sigsegv;
 183     }
 184     env->regs[R_EAX] = ret;
 185
 186     /* Emulate a ret instruction to leave the vsyscall page.  */
 187     env->eip = caller;
 188     env->regs[R_ESP] += 8;
 189     return;
 190
 191  sigsegv:
 192     force_sig(TARGET_SIGSEGV);
 193 }
 194 #endif
 195
 196 static bool maybe_handle_vm86_trap(CPUX86State *env, int trapnr)
 197 {
 198 #ifndef TARGET_X86_64
 199     if (env->eflags & VM_MASK) {
 200         handle_vm86_trap(env, trapnr);
 201         return true;
 202     }
 203 #endif
 204     return false;
 205 }
 206
 207 void cpu_loop(CPUX86State *env)
 208 {
 209     CPUState *cs = env_cpu(env);
 210     int trapnr;
 211     abi_ulong ret;
 212
 213     for(;;) {
 214         cpu_exec_start(cs);
 215         trapnr = cpu_exec(cs);
 216         cpu_exec_end(cs);
 217         process_queued_cpu_work(cs);
 218
 219         switch(trapnr) {
 220         case 0x80:
 221 #ifndef TARGET_X86_64
 222         case EXCP_SYSCALL:
 223 #endif
 224             /* linux syscall from int $0x80 */
 225             get_task_state(cs)->orig_ax = env->regs[R_EAX];
 226             ret = do_syscall(env,
 227                              env->regs[R_EAX],
 228                              env->regs[R_EBX],
 229                              env->regs[R_ECX],
 230                              env->regs[R_EDX],
 231                              env->regs[R_ESI],
 232                              env->regs[R_EDI],
 233                              env->regs[R_EBP],
 234                              0, 0);
 235             if (ret == -QEMU_ERESTARTSYS) {
 236                 env->eip -= 2;
 237             } else if (ret != -QEMU_ESIGRETURN) {
 238                 env->regs[R_EAX] = ret;
 239             }
 240             break;
 241 #ifdef TARGET_X86_64
 242         case EXCP_SYSCALL:
 243             /* linux syscall from syscall instruction.  */
 244             get_task_state(cs)->orig_ax = env->regs[R_EAX];
 245             ret = do_syscall(env,
 246                              env->regs[R_EAX],
 247                              env->regs[R_EDI],
 248                              env->regs[R_ESI],
 249                              env->regs[R_EDX],
 250                              env->regs[10],
 251                              env->regs[8],
 252                              env->regs[9],
 253                              0, 0);
 254             if (ret == -QEMU_ERESTARTSYS) {
 255                 env->eip -= 2;
 256             } else if (ret != -QEMU_ESIGRETURN) {
 257                 env->regs[R_EAX] = ret;
 258             }
 259             break;
 260         case EXCP_VSYSCALL:
 261             emulate_vsyscall(env);
 262             break;
 263 #endif
 264         case EXCP0B_NOSEG:
 265         case EXCP0C_STACK:
 266             force_sig(TARGET_SIGBUS);
 267             break;
 268         case EXCP0D_GPF:
 269             /* XXX: potential problem if ABI32 */
 270             if (maybe_handle_vm86_trap(env, trapnr)) {
 271                 break;
 272             }
 273             force_sig(TARGET_SIGSEGV);
 274             break;
 275         case EXCP0E_PAGE:
 276             force_sig_fault(TARGET_SIGSEGV,
 277                             (env->error_code & PG_ERROR_P_MASK ?
 278                              TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR),
 279                             env->cr[2]);
 280             break;
 281         case EXCP00_DIVZ:
 282             if (maybe_handle_vm86_trap(env, trapnr)) {
 283                 break;
 284             }
 285             force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->eip);
 286             break;
 287         case EXCP01_DB:
 288             if (maybe_handle_vm86_trap(env, trapnr)) {
 289                 break;
 290             }
 291             force_sig_fault(TARGET_SIGTRAP, TARGET_TRAP_BRKPT, env->eip);
 292             break;
 293         case EXCP03_INT3:
 294             if (maybe_handle_vm86_trap(env, trapnr)) {
 295                 break;
 296             }
 297             force_sig(TARGET_SIGTRAP);
 298             break;
 299         case EXCP04_INTO:
 300         case EXCP05_BOUND:
 301             if (maybe_handle_vm86_trap(env, trapnr)) {
 302                 break;
 303             }
 304             force_sig(TARGET_SIGSEGV);
 305             break;
 306         case EXCP06_ILLOP:
 307             force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->eip);
 308             break;
 309         case EXCP_INTERRUPT:
 310             /* just indicate that signals should be handled asap */
 311             break;
 312         case EXCP_DEBUG:
 313             force_sig_fault(TARGET_SIGTRAP, TARGET_TRAP_BRKPT, env->eip);
 314             break;
 315         case EXCP_ATOMIC:
 316             cpu_exec_step_atomic(cs);
 317             break;
 318         default:
 319             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n",
 320                       trapnr);
 321             abort();
 322         }
 323         process_pending_signals(env);
 324     }
 325 }
 326
 327 static void target_cpu_free(void *obj)
 328 {
 329     target_munmap(cpu_env(obj)->gdt.base,
 330                   sizeof(uint64_t) * TARGET_GDT_ENTRIES);
 331     g_free(obj);
 332 }
 333
 334 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
 335 {
 336     CPUState *cpu = env_cpu(env);
 337     bool is64 = (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) != 0;
 338     int i;
 339
 340     OBJECT(cpu)->free = target_cpu_free;
 341     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
 342     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
 343     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
 344         env->cr[4] |= CR4_OSFXSR_MASK;
 345         env->hflags |= HF_OSFXSR_MASK;
 346     }
 347
 348     /* enable 64 bit mode if possible */
 349     if (is64) {
 350         env->cr[4] |= CR4_PAE_MASK;
 351         env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
 352         env->hflags |= HF_LMA_MASK;
 353     }
 354 #ifndef TARGET_ABI32
 355     else {
 356         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
 357         exit(EXIT_FAILURE);
 358     }
 359 #endif
 360
 361     /* flags setup : we activate the IRQs by default as in user mode */
 362     env->eflags |= IF_MASK;
 363
 364     /* linux register setup */
 365 #ifndef TARGET_ABI32
 366     env->regs[R_EAX] = regs->rax;
 367     env->regs[R_EBX] = regs->rbx;
 368     env->regs[R_ECX] = regs->rcx;
 369     env->regs[R_EDX] = regs->rdx;
 370     env->regs[R_ESI] = regs->rsi;
 371     env->regs[R_EDI] = regs->rdi;
 372     env->regs[R_EBP] = regs->rbp;
 373     env->regs[R_ESP] = regs->rsp;
 374     env->eip = regs->rip;
 375 #else
 376     env->regs[R_EAX] = regs->eax;
 377     env->regs[R_EBX] = regs->ebx;
 378     env->regs[R_ECX] = regs->ecx;
 379     env->regs[R_EDX] = regs->edx;
 380     env->regs[R_ESI] = regs->esi;
 381     env->regs[R_EDI] = regs->edi;
 382     env->regs[R_EBP] = regs->ebp;
 383     env->regs[R_ESP] = regs->esp;
 384     env->eip = regs->eip;
 385 #endif
 386
 387     /* linux interrupt setup */
 388 #ifndef TARGET_ABI32
 389     env->idt.limit = 511;
 390 #else
 391     env->idt.limit = 255;
 392 #endif
 393     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
 394                                 PROT_READ|PROT_WRITE,
 395                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
 396     idt_table = g2h_untagged(env->idt.base);
 397     for (i = 0; i < 20; i++) {
 398         set_idt(i, 0, is64);
 399     }
 400     set_idt(3, 3, is64);
 401     set_idt(4, 3, is64);
 402     set_idt(0x80, 3, is64);
 403
 404     /* linux segment setup */
 405     {
 406         uint64_t *gdt_table;
 407         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
 408                                     PROT_READ|PROT_WRITE,
 409                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
 410         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
 411         gdt_table = g2h_untagged(env->gdt.base);
 412 #ifdef TARGET_ABI32
 413         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
 414                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
 415                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
 416 #else
 417         /* 64 bit code segment */
 418         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
 419                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
 420                  DESC_L_MASK |
 421                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
 422 #endif
 423         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
 424                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
 425                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
 426     }
 427     cpu_x86_load_seg(env, R_CS, __USER_CS);
 428     cpu_x86_load_seg(env, R_SS, __USER_DS);
 429 #ifdef TARGET_ABI32
 430     cpu_x86_load_seg(env, R_DS, __USER_DS);
 431     cpu_x86_load_seg(env, R_ES, __USER_DS);
 432     cpu_x86_load_seg(env, R_FS, __USER_DS);
 433     cpu_x86_load_seg(env, R_GS, __USER_DS);
 434     /* This hack makes Wine work... */
 435     env->segs[R_FS].selector = 0;
 436 #else
 437     cpu_x86_load_seg(env, R_DS, 0);
 438     cpu_x86_load_seg(env, R_ES, 0);
 439     cpu_x86_load_seg(env, R_FS, 0);
 440     cpu_x86_load_seg(env, R_GS, 0);
 441 #endif
 442 }