1 /* 2 * Copyright (C) 2016 Veertu Inc, 3 * Copyright (C) 2017 Google Inc, 4 * 5 * This program is free software; you can redistribute it and/or 6 * modify it under the terms of the GNU Lesser General Public 7 * License as published by the Free Software Foundation; either 8 * version 2.1 of the License, or (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 * Lesser General Public License for more details. 14 * 15 * You should have received a copy of the GNU Lesser General Public 16 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19 ///////////////////////////////////////////////////////////////////////// 20 // 21 // Copyright (C) 2001-2012 The Bochs Project 22 // 23 // This library is free software; you can redistribute it and/or 24 // modify it under the terms of the GNU Lesser General Public 25 // License as published by the Free Software Foundation; either 26 // version 2.1 of the License, or (at your option) any later version. 27 // 28 // This library is distributed in the hope that it will be useful, 29 // but WITHOUT ANY WARRANTY; without even the implied warranty of 30 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 31 // Lesser General Public License for more details. 32 // 33 // You should have received a copy of the GNU Lesser General Public 34 // License along with this library; if not, write to the Free Software 35 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA 36 ///////////////////////////////////////////////////////////////////////// 37 38 #include "qemu/osdep.h" 39 #include "panic.h" 40 #include "x86_decode.h" 41 #include "x86.h" 42 #include "x86_emu.h" 43 #include "x86_mmu.h" 44 #include "x86_flags.h" 45 #include "vmcs.h" 46 #include "vmx.h" 47 #include "hvf-i386.h" 48 49 #define EXEC_2OP_FLAGS_CMD(env, decode, cmd, FLAGS_FUNC, save_res) \ 50 { \ 51 fetch_operands(env, decode, 2, true, true, false); \ 52 switch (decode->operand_size) { \ 53 case 1: \ 54 { \ 55 uint8_t v1 = (uint8_t)decode->op[0].val; \ 56 uint8_t v2 = (uint8_t)decode->op[1].val; \ 57 uint8_t diff = v1 cmd v2; \ 58 if (save_res) { \ 59 write_val_ext(env, decode->op[0].ptr, diff, 1); \ 60 } \ 61 FLAGS_FUNC##8(env, v1, v2, diff); \ 62 break; \ 63 } \ 64 case 2: \ 65 { \ 66 uint16_t v1 = (uint16_t)decode->op[0].val; \ 67 uint16_t v2 = (uint16_t)decode->op[1].val; \ 68 uint16_t diff = v1 cmd v2; \ 69 if (save_res) { \ 70 write_val_ext(env, decode->op[0].ptr, diff, 2); \ 71 } \ 72 FLAGS_FUNC##16(env, v1, v2, diff); \ 73 break; \ 74 } \ 75 case 4: \ 76 { \ 77 uint32_t v1 = (uint32_t)decode->op[0].val; \ 78 uint32_t v2 = (uint32_t)decode->op[1].val; \ 79 uint32_t diff = v1 cmd v2; \ 80 if (save_res) { \ 81 write_val_ext(env, decode->op[0].ptr, diff, 4); \ 82 } \ 83 FLAGS_FUNC##32(env, v1, v2, diff); \ 84 break; \ 85 } \ 86 default: \ 87 VM_PANIC("bad size\n"); \ 88 } \ 89 } \ 90 91 target_ulong read_reg(CPUX86State *env, int reg, int size) 92 { 93 switch (size) { 94 case 1: 95 return x86_reg(env, reg)->lx; 96 case 2: 97 return x86_reg(env, reg)->rx; 98 case 4: 99 return x86_reg(env, reg)->erx; 100 case 8: 101 return x86_reg(env, reg)->rrx; 102 default: 103 abort(); 104 } 105 return 0; 106 } 107 108 void write_reg(CPUX86State *env, int reg, target_ulong val, int size) 109 { 110 switch (size) { 111 case 1: 112 x86_reg(env, reg)->lx = val; 113 break; 114 case 2: 115 x86_reg(env, reg)->rx = val; 116 break; 117 case 4: 118 x86_reg(env, reg)->rrx = (uint32_t)val; 119 break; 120 case 8: 121 x86_reg(env, reg)->rrx = val; 122 break; 123 default: 124 abort(); 125 } 126 } 127 128 target_ulong read_val_from_reg(target_ulong reg_ptr, int size) 129 { 130 target_ulong val; 131 132 switch (size) { 133 case 1: 134 val = *(uint8_t *)reg_ptr; 135 break; 136 case 2: 137 val = *(uint16_t *)reg_ptr; 138 break; 139 case 4: 140 val = *(uint32_t *)reg_ptr; 141 break; 142 case 8: 143 val = *(uint64_t *)reg_ptr; 144 break; 145 default: 146 abort(); 147 } 148 return val; 149 } 150 151 void write_val_to_reg(target_ulong reg_ptr, target_ulong val, int size) 152 { 153 switch (size) { 154 case 1: 155 *(uint8_t *)reg_ptr = val; 156 break; 157 case 2: 158 *(uint16_t *)reg_ptr = val; 159 break; 160 case 4: 161 *(uint64_t *)reg_ptr = (uint32_t)val; 162 break; 163 case 8: 164 *(uint64_t *)reg_ptr = val; 165 break; 166 default: 167 abort(); 168 } 169 } 170 171 static bool is_host_reg(CPUX86State *env, target_ulong ptr) 172 { 173 return (ptr - (target_ulong)&env->regs[0]) < sizeof(env->regs); 174 } 175 176 void write_val_ext(CPUX86State *env, target_ulong ptr, target_ulong val, int size) 177 { 178 if (is_host_reg(env, ptr)) { 179 write_val_to_reg(ptr, val, size); 180 return; 181 } 182 emul_ops->write_mem(env_cpu(env), &val, ptr, size); 183 } 184 185 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes) 186 { 187 emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes); 188 return env->emu_mmio_buf; 189 } 190 191 192 target_ulong read_val_ext(CPUX86State *env, target_ulong ptr, int size) 193 { 194 target_ulong val; 195 uint8_t *mmio_ptr; 196 197 if (is_host_reg(env, ptr)) { 198 return read_val_from_reg(ptr, size); 199 } 200 201 mmio_ptr = read_mmio(env, ptr, size); 202 switch (size) { 203 case 1: 204 val = *(uint8_t *)mmio_ptr; 205 break; 206 case 2: 207 val = *(uint16_t *)mmio_ptr; 208 break; 209 case 4: 210 val = *(uint32_t *)mmio_ptr; 211 break; 212 case 8: 213 val = *(uint64_t *)mmio_ptr; 214 break; 215 default: 216 VM_PANIC("bad size\n"); 217 break; 218 } 219 return val; 220 } 221 222 static void fetch_operands(CPUX86State *env, struct x86_decode *decode, 223 int n, bool val_op0, bool val_op1, bool val_op2) 224 { 225 int i; 226 bool calc_val[3] = {val_op0, val_op1, val_op2}; 227 228 for (i = 0; i < n; i++) { 229 switch (decode->op[i].type) { 230 case X86_VAR_IMMEDIATE: 231 break; 232 case X86_VAR_REG: 233 VM_PANIC_ON(!decode->op[i].ptr); 234 if (calc_val[i]) { 235 decode->op[i].val = read_val_from_reg(decode->op[i].ptr, 236 decode->operand_size); 237 } 238 break; 239 case X86_VAR_RM: 240 calc_modrm_operand(env, decode, &decode->op[i]); 241 if (calc_val[i]) { 242 decode->op[i].val = read_val_ext(env, decode->op[i].ptr, 243 decode->operand_size); 244 } 245 break; 246 case X86_VAR_OFFSET: 247 decode->op[i].ptr = decode_linear_addr(env, decode, 248 decode->op[i].ptr, 249 R_DS); 250 if (calc_val[i]) { 251 decode->op[i].val = read_val_ext(env, decode->op[i].ptr, 252 decode->operand_size); 253 } 254 break; 255 default: 256 break; 257 } 258 } 259 } 260 261 static void exec_mov(CPUX86State *env, struct x86_decode *decode) 262 { 263 fetch_operands(env, decode, 2, false, true, false); 264 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, 265 decode->operand_size); 266 267 env->eip += decode->len; 268 } 269 270 static void exec_add(CPUX86State *env, struct x86_decode *decode) 271 { 272 EXEC_2OP_FLAGS_CMD(env, decode, +, SET_FLAGS_OSZAPC_ADD, true); 273 env->eip += decode->len; 274 } 275 276 static void exec_or(CPUX86State *env, struct x86_decode *decode) 277 { 278 EXEC_2OP_FLAGS_CMD(env, decode, |, SET_FLAGS_OSZAPC_LOGIC, true); 279 env->eip += decode->len; 280 } 281 282 static void exec_adc(CPUX86State *env, struct x86_decode *decode) 283 { 284 EXEC_2OP_FLAGS_CMD(env, decode, +get_CF(env)+, SET_FLAGS_OSZAPC_ADD, true); 285 env->eip += decode->len; 286 } 287 288 static void exec_sbb(CPUX86State *env, struct x86_decode *decode) 289 { 290 EXEC_2OP_FLAGS_CMD(env, decode, -get_CF(env)-, SET_FLAGS_OSZAPC_SUB, true); 291 env->eip += decode->len; 292 } 293 294 static void exec_and(CPUX86State *env, struct x86_decode *decode) 295 { 296 EXEC_2OP_FLAGS_CMD(env, decode, &, SET_FLAGS_OSZAPC_LOGIC, true); 297 env->eip += decode->len; 298 } 299 300 static void exec_sub(CPUX86State *env, struct x86_decode *decode) 301 { 302 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, true); 303 env->eip += decode->len; 304 } 305 306 static void exec_xor(CPUX86State *env, struct x86_decode *decode) 307 { 308 EXEC_2OP_FLAGS_CMD(env, decode, ^, SET_FLAGS_OSZAPC_LOGIC, true); 309 env->eip += decode->len; 310 } 311 312 static void exec_neg(CPUX86State *env, struct x86_decode *decode) 313 { 314 /*EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false);*/ 315 int32_t val; 316 fetch_operands(env, decode, 2, true, true, false); 317 318 val = 0 - sign(decode->op[1].val, decode->operand_size); 319 write_val_ext(env, decode->op[1].ptr, val, decode->operand_size); 320 321 if (4 == decode->operand_size) { 322 SET_FLAGS_OSZAPC_SUB32(env, 0, 0 - val, val); 323 } else if (2 == decode->operand_size) { 324 SET_FLAGS_OSZAPC_SUB16(env, 0, 0 - val, val); 325 } else if (1 == decode->operand_size) { 326 SET_FLAGS_OSZAPC_SUB8(env, 0, 0 - val, val); 327 } else { 328 VM_PANIC("bad op size\n"); 329 } 330 331 /*lflags_to_rflags(env);*/ 332 env->eip += decode->len; 333 } 334 335 static void exec_cmp(CPUX86State *env, struct x86_decode *decode) 336 { 337 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 338 env->eip += decode->len; 339 } 340 341 static void exec_inc(CPUX86State *env, struct x86_decode *decode) 342 { 343 decode->op[1].type = X86_VAR_IMMEDIATE; 344 decode->op[1].val = 0; 345 346 EXEC_2OP_FLAGS_CMD(env, decode, +1+, SET_FLAGS_OSZAP_ADD, true); 347 348 env->eip += decode->len; 349 } 350 351 static void exec_dec(CPUX86State *env, struct x86_decode *decode) 352 { 353 decode->op[1].type = X86_VAR_IMMEDIATE; 354 decode->op[1].val = 0; 355 356 EXEC_2OP_FLAGS_CMD(env, decode, -1-, SET_FLAGS_OSZAP_SUB, true); 357 env->eip += decode->len; 358 } 359 360 static void exec_tst(CPUX86State *env, struct x86_decode *decode) 361 { 362 EXEC_2OP_FLAGS_CMD(env, decode, &, SET_FLAGS_OSZAPC_LOGIC, false); 363 env->eip += decode->len; 364 } 365 366 static void exec_not(CPUX86State *env, struct x86_decode *decode) 367 { 368 fetch_operands(env, decode, 1, true, false, false); 369 370 write_val_ext(env, decode->op[0].ptr, ~decode->op[0].val, 371 decode->operand_size); 372 env->eip += decode->len; 373 } 374 375 void exec_movzx(CPUX86State *env, struct x86_decode *decode) 376 { 377 int src_op_size; 378 int op_size = decode->operand_size; 379 380 fetch_operands(env, decode, 1, false, false, false); 381 382 if (0xb6 == decode->opcode[1]) { 383 src_op_size = 1; 384 } else { 385 src_op_size = 2; 386 } 387 decode->operand_size = src_op_size; 388 calc_modrm_operand(env, decode, &decode->op[1]); 389 decode->op[1].val = read_val_ext(env, decode->op[1].ptr, src_op_size); 390 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, op_size); 391 392 env->eip += decode->len; 393 } 394 395 static void exec_out(CPUX86State *env, struct x86_decode *decode) 396 { 397 switch (decode->opcode[0]) { 398 case 0xe6: 399 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 1, 1, 1); 400 break; 401 case 0xe7: 402 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &RAX(env), 1, 403 decode->operand_size, 1); 404 break; 405 case 0xee: 406 emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 1, 1, 1); 407 break; 408 case 0xef: 409 emul_ops->handle_io(env_cpu(env), DX(env), &RAX(env), 1, 410 decode->operand_size, 1); 411 break; 412 default: 413 VM_PANIC("Bad out opcode\n"); 414 break; 415 } 416 env->eip += decode->len; 417 } 418 419 static void exec_in(CPUX86State *env, struct x86_decode *decode) 420 { 421 target_ulong val = 0; 422 switch (decode->opcode[0]) { 423 case 0xe4: 424 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 0, 1, 1); 425 break; 426 case 0xe5: 427 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &val, 0, 428 decode->operand_size, 1); 429 if (decode->operand_size == 2) { 430 AX(env) = val; 431 } else { 432 RAX(env) = (uint32_t)val; 433 } 434 break; 435 case 0xec: 436 emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 0, 1, 1); 437 break; 438 case 0xed: 439 emul_ops->handle_io(env_cpu(env), DX(env), &val, 0, 440 decode->operand_size, 1); 441 if (decode->operand_size == 2) { 442 AX(env) = val; 443 } else { 444 RAX(env) = (uint32_t)val; 445 } 446 447 break; 448 default: 449 VM_PANIC("Bad in opcode\n"); 450 break; 451 } 452 453 env->eip += decode->len; 454 } 455 456 static inline void string_increment_reg(CPUX86State *env, int reg, 457 struct x86_decode *decode) 458 { 459 target_ulong val = read_reg(env, reg, decode->addressing_size); 460 if (env->eflags & DF_MASK) { 461 val -= decode->operand_size; 462 } else { 463 val += decode->operand_size; 464 } 465 write_reg(env, reg, val, decode->addressing_size); 466 } 467 468 static inline void string_rep(CPUX86State *env, struct x86_decode *decode, 469 void (*func)(CPUX86State *env, 470 struct x86_decode *ins), int rep) 471 { 472 target_ulong rcx = read_reg(env, R_ECX, decode->addressing_size); 473 while (rcx--) { 474 func(env, decode); 475 write_reg(env, R_ECX, rcx, decode->addressing_size); 476 if ((PREFIX_REP == rep) && !get_ZF(env)) { 477 break; 478 } 479 if ((PREFIX_REPN == rep) && get_ZF(env)) { 480 break; 481 } 482 } 483 } 484 485 static void exec_ins_single(CPUX86State *env, struct x86_decode *decode) 486 { 487 target_ulong addr = linear_addr_size(env_cpu(env), RDI(env), 488 decode->addressing_size, R_ES); 489 490 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 0, 491 decode->operand_size, 1); 492 emul_ops->write_mem(env_cpu(env), env->emu_mmio_buf, addr, 493 decode->operand_size); 494 495 string_increment_reg(env, R_EDI, decode); 496 } 497 498 static void exec_ins(CPUX86State *env, struct x86_decode *decode) 499 { 500 if (decode->rep) { 501 string_rep(env, decode, exec_ins_single, 0); 502 } else { 503 exec_ins_single(env, decode); 504 } 505 506 env->eip += decode->len; 507 } 508 509 static void exec_outs_single(CPUX86State *env, struct x86_decode *decode) 510 { 511 target_ulong addr = decode_linear_addr(env, decode, RSI(env), R_DS); 512 513 emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, addr, 514 decode->operand_size); 515 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 1, 516 decode->operand_size, 1); 517 518 string_increment_reg(env, R_ESI, decode); 519 } 520 521 static void exec_outs(CPUX86State *env, struct x86_decode *decode) 522 { 523 if (decode->rep) { 524 string_rep(env, decode, exec_outs_single, 0); 525 } else { 526 exec_outs_single(env, decode); 527 } 528 529 env->eip += decode->len; 530 } 531 532 static void exec_movs_single(CPUX86State *env, struct x86_decode *decode) 533 { 534 target_ulong src_addr; 535 target_ulong dst_addr; 536 target_ulong val; 537 538 src_addr = decode_linear_addr(env, decode, RSI(env), R_DS); 539 dst_addr = linear_addr_size(env_cpu(env), RDI(env), 540 decode->addressing_size, R_ES); 541 542 val = read_val_ext(env, src_addr, decode->operand_size); 543 write_val_ext(env, dst_addr, val, decode->operand_size); 544 545 string_increment_reg(env, R_ESI, decode); 546 string_increment_reg(env, R_EDI, decode); 547 } 548 549 static void exec_movs(CPUX86State *env, struct x86_decode *decode) 550 { 551 if (decode->rep) { 552 string_rep(env, decode, exec_movs_single, 0); 553 } else { 554 exec_movs_single(env, decode); 555 } 556 557 env->eip += decode->len; 558 } 559 560 static void exec_cmps_single(CPUX86State *env, struct x86_decode *decode) 561 { 562 target_ulong src_addr; 563 target_ulong dst_addr; 564 565 src_addr = decode_linear_addr(env, decode, RSI(env), R_DS); 566 dst_addr = linear_addr_size(env_cpu(env), RDI(env), 567 decode->addressing_size, R_ES); 568 569 decode->op[0].type = X86_VAR_IMMEDIATE; 570 decode->op[0].val = read_val_ext(env, src_addr, decode->operand_size); 571 decode->op[1].type = X86_VAR_IMMEDIATE; 572 decode->op[1].val = read_val_ext(env, dst_addr, decode->operand_size); 573 574 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 575 576 string_increment_reg(env, R_ESI, decode); 577 string_increment_reg(env, R_EDI, decode); 578 } 579 580 static void exec_cmps(CPUX86State *env, struct x86_decode *decode) 581 { 582 if (decode->rep) { 583 string_rep(env, decode, exec_cmps_single, decode->rep); 584 } else { 585 exec_cmps_single(env, decode); 586 } 587 env->eip += decode->len; 588 } 589 590 591 static void exec_stos_single(CPUX86State *env, struct x86_decode *decode) 592 { 593 target_ulong addr; 594 target_ulong val; 595 596 addr = linear_addr_size(env_cpu(env), RDI(env), 597 decode->addressing_size, R_ES); 598 val = read_reg(env, R_EAX, decode->operand_size); 599 emul_ops->write_mem(env_cpu(env), &val, addr, decode->operand_size); 600 601 string_increment_reg(env, R_EDI, decode); 602 } 603 604 605 static void exec_stos(CPUX86State *env, struct x86_decode *decode) 606 { 607 if (decode->rep) { 608 string_rep(env, decode, exec_stos_single, 0); 609 } else { 610 exec_stos_single(env, decode); 611 } 612 613 env->eip += decode->len; 614 } 615 616 static void exec_scas_single(CPUX86State *env, struct x86_decode *decode) 617 { 618 target_ulong addr; 619 620 addr = linear_addr_size(env_cpu(env), RDI(env), 621 decode->addressing_size, R_ES); 622 decode->op[1].type = X86_VAR_IMMEDIATE; 623 emul_ops->read_mem(env_cpu(env), &decode->op[1].val, addr, decode->operand_size); 624 625 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 626 string_increment_reg(env, R_EDI, decode); 627 } 628 629 static void exec_scas(CPUX86State *env, struct x86_decode *decode) 630 { 631 decode->op[0].type = X86_VAR_REG; 632 decode->op[0].reg = R_EAX; 633 if (decode->rep) { 634 string_rep(env, decode, exec_scas_single, decode->rep); 635 } else { 636 exec_scas_single(env, decode); 637 } 638 639 env->eip += decode->len; 640 } 641 642 static void exec_lods_single(CPUX86State *env, struct x86_decode *decode) 643 { 644 target_ulong addr; 645 target_ulong val = 0; 646 647 addr = decode_linear_addr(env, decode, RSI(env), R_DS); 648 emul_ops->read_mem(env_cpu(env), &val, addr, decode->operand_size); 649 write_reg(env, R_EAX, val, decode->operand_size); 650 651 string_increment_reg(env, R_ESI, decode); 652 } 653 654 static void exec_lods(CPUX86State *env, struct x86_decode *decode) 655 { 656 if (decode->rep) { 657 string_rep(env, decode, exec_lods_single, 0); 658 } else { 659 exec_lods_single(env, decode); 660 } 661 662 env->eip += decode->len; 663 } 664 665 void x86_emul_raise_exception(CPUX86State *env, int exception_index, int error_code) 666 { 667 env->exception_nr = exception_index; 668 env->error_code = error_code; 669 env->has_error_code = true; 670 env->exception_injected = 1; 671 } 672 673 static void exec_rdmsr(CPUX86State *env, struct x86_decode *decode) 674 { 675 emul_ops->simulate_rdmsr(env_cpu(env)); 676 env->eip += decode->len; 677 } 678 679 static void exec_wrmsr(CPUX86State *env, struct x86_decode *decode) 680 { 681 emul_ops->simulate_wrmsr(env_cpu(env)); 682 env->eip += decode->len; 683 } 684 685 /* 686 * flag: 687 * 0 - bt, 1 - btc, 2 - bts, 3 - btr 688 */ 689 static void do_bt(CPUX86State *env, struct x86_decode *decode, int flag) 690 { 691 int32_t displacement; 692 uint8_t index; 693 bool cf; 694 int mask = (4 == decode->operand_size) ? 0x1f : 0xf; 695 696 VM_PANIC_ON(decode->rex.rex); 697 698 fetch_operands(env, decode, 2, false, true, false); 699 index = decode->op[1].val & mask; 700 701 if (decode->op[0].type != X86_VAR_REG) { 702 if (4 == decode->operand_size) { 703 displacement = ((int32_t) (decode->op[1].val & 0xffffffe0)) / 32; 704 decode->op[0].ptr += 4 * displacement; 705 } else if (2 == decode->operand_size) { 706 displacement = ((int16_t) (decode->op[1].val & 0xfff0)) / 16; 707 decode->op[0].ptr += 2 * displacement; 708 } else { 709 VM_PANIC("bt 64bit\n"); 710 } 711 } 712 decode->op[0].val = read_val_ext(env, decode->op[0].ptr, 713 decode->operand_size); 714 cf = (decode->op[0].val >> index) & 0x01; 715 716 switch (flag) { 717 case 0: 718 set_CF(env, cf); 719 return; 720 case 1: 721 decode->op[0].val ^= (1u << index); 722 break; 723 case 2: 724 decode->op[0].val |= (1u << index); 725 break; 726 case 3: 727 decode->op[0].val &= ~(1u << index); 728 break; 729 } 730 write_val_ext(env, decode->op[0].ptr, decode->op[0].val, 731 decode->operand_size); 732 set_CF(env, cf); 733 } 734 735 static void exec_bt(CPUX86State *env, struct x86_decode *decode) 736 { 737 do_bt(env, decode, 0); 738 env->eip += decode->len; 739 } 740 741 static void exec_btc(CPUX86State *env, struct x86_decode *decode) 742 { 743 do_bt(env, decode, 1); 744 env->eip += decode->len; 745 } 746 747 static void exec_btr(CPUX86State *env, struct x86_decode *decode) 748 { 749 do_bt(env, decode, 3); 750 env->eip += decode->len; 751 } 752 753 static void exec_bts(CPUX86State *env, struct x86_decode *decode) 754 { 755 do_bt(env, decode, 2); 756 env->eip += decode->len; 757 } 758 759 void exec_shl(CPUX86State *env, struct x86_decode *decode) 760 { 761 uint8_t count; 762 int of = 0, cf = 0; 763 764 fetch_operands(env, decode, 2, true, true, false); 765 766 count = decode->op[1].val; 767 count &= 0x1f; /* count is masked to 5 bits*/ 768 if (!count) { 769 goto exit; 770 } 771 772 switch (decode->operand_size) { 773 case 1: 774 { 775 uint8_t res = 0; 776 if (count <= 8) { 777 res = (decode->op[0].val << count); 778 cf = (decode->op[0].val >> (8 - count)) & 0x1; 779 of = cf ^ (res >> 7); 780 } 781 782 write_val_ext(env, decode->op[0].ptr, res, 1); 783 SET_FLAGS_OSZAPC_LOGIC8(env, 0, 0, res); 784 SET_FLAGS_OxxxxC(env, of, cf); 785 break; 786 } 787 case 2: 788 { 789 uint16_t res = 0; 790 791 /* from bochs */ 792 if (count <= 16) { 793 res = (decode->op[0].val << count); 794 cf = (decode->op[0].val >> (16 - count)) & 0x1; 795 of = cf ^ (res >> 15); /* of = cf ^ result15 */ 796 } 797 798 write_val_ext(env, decode->op[0].ptr, res, 2); 799 SET_FLAGS_OSZAPC_LOGIC16(env, 0, 0, res); 800 SET_FLAGS_OxxxxC(env, of, cf); 801 break; 802 } 803 case 4: 804 { 805 uint32_t res = decode->op[0].val << count; 806 807 write_val_ext(env, decode->op[0].ptr, res, 4); 808 SET_FLAGS_OSZAPC_LOGIC32(env, 0, 0, res); 809 cf = (decode->op[0].val >> (32 - count)) & 0x1; 810 of = cf ^ (res >> 31); /* of = cf ^ result31 */ 811 SET_FLAGS_OxxxxC(env, of, cf); 812 break; 813 } 814 default: 815 abort(); 816 } 817 818 exit: 819 /* lflags_to_rflags(env); */ 820 env->eip += decode->len; 821 } 822 823 void exec_movsx(CPUX86State *env, struct x86_decode *decode) 824 { 825 int src_op_size; 826 int op_size = decode->operand_size; 827 828 fetch_operands(env, decode, 2, false, false, false); 829 830 if (0xbe == decode->opcode[1]) { 831 src_op_size = 1; 832 } else { 833 src_op_size = 2; 834 } 835 836 decode->operand_size = src_op_size; 837 calc_modrm_operand(env, decode, &decode->op[1]); 838 decode->op[1].val = sign(read_val_ext(env, decode->op[1].ptr, src_op_size), 839 src_op_size); 840 841 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, op_size); 842 843 env->eip += decode->len; 844 } 845 846 void exec_ror(CPUX86State *env, struct x86_decode *decode) 847 { 848 uint8_t count; 849 850 fetch_operands(env, decode, 2, true, true, false); 851 count = decode->op[1].val; 852 853 switch (decode->operand_size) { 854 case 1: 855 { 856 uint32_t bit6, bit7; 857 uint8_t res; 858 859 if ((count & 0x07) == 0) { 860 if (count & 0x18) { 861 bit6 = ((uint8_t)decode->op[0].val >> 6) & 1; 862 bit7 = ((uint8_t)decode->op[0].val >> 7) & 1; 863 SET_FLAGS_OxxxxC(env, bit6 ^ bit7, bit7); 864 } 865 } else { 866 count &= 0x7; /* use only bottom 3 bits */ 867 res = ((uint8_t)decode->op[0].val >> count) | 868 ((uint8_t)decode->op[0].val << (8 - count)); 869 write_val_ext(env, decode->op[0].ptr, res, 1); 870 bit6 = (res >> 6) & 1; 871 bit7 = (res >> 7) & 1; 872 /* set eflags: ROR count affects the following flags: C, O */ 873 SET_FLAGS_OxxxxC(env, bit6 ^ bit7, bit7); 874 } 875 break; 876 } 877 case 2: 878 { 879 uint32_t bit14, bit15; 880 uint16_t res; 881 882 if ((count & 0x0f) == 0) { 883 if (count & 0x10) { 884 bit14 = ((uint16_t)decode->op[0].val >> 14) & 1; 885 bit15 = ((uint16_t)decode->op[0].val >> 15) & 1; 886 /* of = result14 ^ result15 */ 887 SET_FLAGS_OxxxxC(env, bit14 ^ bit15, bit15); 888 } 889 } else { 890 count &= 0x0f; /* use only 4 LSB's */ 891 res = ((uint16_t)decode->op[0].val >> count) | 892 ((uint16_t)decode->op[0].val << (16 - count)); 893 write_val_ext(env, decode->op[0].ptr, res, 2); 894 895 bit14 = (res >> 14) & 1; 896 bit15 = (res >> 15) & 1; 897 /* of = result14 ^ result15 */ 898 SET_FLAGS_OxxxxC(env, bit14 ^ bit15, bit15); 899 } 900 break; 901 } 902 case 4: 903 { 904 uint32_t bit31, bit30; 905 uint32_t res; 906 907 count &= 0x1f; 908 if (count) { 909 res = ((uint32_t)decode->op[0].val >> count) | 910 ((uint32_t)decode->op[0].val << (32 - count)); 911 write_val_ext(env, decode->op[0].ptr, res, 4); 912 913 bit31 = (res >> 31) & 1; 914 bit30 = (res >> 30) & 1; 915 /* of = result30 ^ result31 */ 916 SET_FLAGS_OxxxxC(env, bit30 ^ bit31, bit31); 917 } 918 break; 919 } 920 } 921 env->eip += decode->len; 922 } 923 924 void exec_rol(CPUX86State *env, struct x86_decode *decode) 925 { 926 uint8_t count; 927 928 fetch_operands(env, decode, 2, true, true, false); 929 count = decode->op[1].val; 930 931 switch (decode->operand_size) { 932 case 1: 933 { 934 uint32_t bit0, bit7; 935 uint8_t res; 936 937 if ((count & 0x07) == 0) { 938 if (count & 0x18) { 939 bit0 = ((uint8_t)decode->op[0].val & 1); 940 bit7 = ((uint8_t)decode->op[0].val >> 7); 941 SET_FLAGS_OxxxxC(env, bit0 ^ bit7, bit0); 942 } 943 } else { 944 count &= 0x7; /* use only lowest 3 bits */ 945 res = ((uint8_t)decode->op[0].val << count) | 946 ((uint8_t)decode->op[0].val >> (8 - count)); 947 948 write_val_ext(env, decode->op[0].ptr, res, 1); 949 /* set eflags: 950 * ROL count affects the following flags: C, O 951 */ 952 bit0 = (res & 1); 953 bit7 = (res >> 7); 954 SET_FLAGS_OxxxxC(env, bit0 ^ bit7, bit0); 955 } 956 break; 957 } 958 case 2: 959 { 960 uint32_t bit0, bit15; 961 uint16_t res; 962 963 if ((count & 0x0f) == 0) { 964 if (count & 0x10) { 965 bit0 = ((uint16_t)decode->op[0].val & 0x1); 966 bit15 = ((uint16_t)decode->op[0].val >> 15); 967 /* of = cf ^ result15 */ 968 SET_FLAGS_OxxxxC(env, bit0 ^ bit15, bit0); 969 } 970 } else { 971 count &= 0x0f; /* only use bottom 4 bits */ 972 res = ((uint16_t)decode->op[0].val << count) | 973 ((uint16_t)decode->op[0].val >> (16 - count)); 974 975 write_val_ext(env, decode->op[0].ptr, res, 2); 976 bit0 = (res & 0x1); 977 bit15 = (res >> 15); 978 /* of = cf ^ result15 */ 979 SET_FLAGS_OxxxxC(env, bit0 ^ bit15, bit0); 980 } 981 break; 982 } 983 case 4: 984 { 985 uint32_t bit0, bit31; 986 uint32_t res; 987 988 count &= 0x1f; 989 if (count) { 990 res = ((uint32_t)decode->op[0].val << count) | 991 ((uint32_t)decode->op[0].val >> (32 - count)); 992 993 write_val_ext(env, decode->op[0].ptr, res, 4); 994 bit0 = (res & 0x1); 995 bit31 = (res >> 31); 996 /* of = cf ^ result31 */ 997 SET_FLAGS_OxxxxC(env, bit0 ^ bit31, bit0); 998 } 999 break; 1000 } 1001 } 1002 env->eip += decode->len; 1003 } 1004 1005 1006 void exec_rcl(CPUX86State *env, struct x86_decode *decode) 1007 { 1008 uint8_t count; 1009 int of = 0, cf = 0; 1010 1011 fetch_operands(env, decode, 2, true, true, false); 1012 count = decode->op[1].val & 0x1f; 1013 1014 switch (decode->operand_size) { 1015 case 1: 1016 { 1017 uint8_t op1_8 = decode->op[0].val; 1018 uint8_t res; 1019 count %= 9; 1020 if (!count) { 1021 break; 1022 } 1023 1024 if (1 == count) { 1025 res = (op1_8 << 1) | get_CF(env); 1026 } else { 1027 res = (op1_8 << count) | (get_CF(env) << (count - 1)) | 1028 (op1_8 >> (9 - count)); 1029 } 1030 1031 write_val_ext(env, decode->op[0].ptr, res, 1); 1032 1033 cf = (op1_8 >> (8 - count)) & 0x01; 1034 of = cf ^ (res >> 7); /* of = cf ^ result7 */ 1035 SET_FLAGS_OxxxxC(env, of, cf); 1036 break; 1037 } 1038 case 2: 1039 { 1040 uint16_t res; 1041 uint16_t op1_16 = decode->op[0].val; 1042 1043 count %= 17; 1044 if (!count) { 1045 break; 1046 } 1047 1048 if (1 == count) { 1049 res = (op1_16 << 1) | get_CF(env); 1050 } else if (count == 16) { 1051 res = (get_CF(env) << 15) | (op1_16 >> 1); 1052 } else { /* 2..15 */ 1053 res = (op1_16 << count) | (get_CF(env) << (count - 1)) | 1054 (op1_16 >> (17 - count)); 1055 } 1056 1057 write_val_ext(env, decode->op[0].ptr, res, 2); 1058 1059 cf = (op1_16 >> (16 - count)) & 0x1; 1060 of = cf ^ (res >> 15); /* of = cf ^ result15 */ 1061 SET_FLAGS_OxxxxC(env, of, cf); 1062 break; 1063 } 1064 case 4: 1065 { 1066 uint32_t res; 1067 uint32_t op1_32 = decode->op[0].val; 1068 1069 if (!count) { 1070 break; 1071 } 1072 1073 if (1 == count) { 1074 res = (op1_32 << 1) | get_CF(env); 1075 } else { 1076 res = (op1_32 << count) | (get_CF(env) << (count - 1)) | 1077 (op1_32 >> (33 - count)); 1078 } 1079 1080 write_val_ext(env, decode->op[0].ptr, res, 4); 1081 1082 cf = (op1_32 >> (32 - count)) & 0x1; 1083 of = cf ^ (res >> 31); /* of = cf ^ result31 */ 1084 SET_FLAGS_OxxxxC(env, of, cf); 1085 break; 1086 } 1087 } 1088 env->eip += decode->len; 1089 } 1090 1091 void exec_rcr(CPUX86State *env, struct x86_decode *decode) 1092 { 1093 uint8_t count; 1094 int of = 0, cf = 0; 1095 1096 fetch_operands(env, decode, 2, true, true, false); 1097 count = decode->op[1].val & 0x1f; 1098 1099 switch (decode->operand_size) { 1100 case 1: 1101 { 1102 uint8_t op1_8 = decode->op[0].val; 1103 uint8_t res; 1104 1105 count %= 9; 1106 if (!count) { 1107 break; 1108 } 1109 res = (op1_8 >> count) | (get_CF(env) << (8 - count)) | 1110 (op1_8 << (9 - count)); 1111 1112 write_val_ext(env, decode->op[0].ptr, res, 1); 1113 1114 cf = (op1_8 >> (count - 1)) & 0x1; 1115 of = (((res << 1) ^ res) >> 7) & 0x1; /* of = result6 ^ result7 */ 1116 SET_FLAGS_OxxxxC(env, of, cf); 1117 break; 1118 } 1119 case 2: 1120 { 1121 uint16_t op1_16 = decode->op[0].val; 1122 uint16_t res; 1123 1124 count %= 17; 1125 if (!count) { 1126 break; 1127 } 1128 res = (op1_16 >> count) | (get_CF(env) << (16 - count)) | 1129 (op1_16 << (17 - count)); 1130 1131 write_val_ext(env, decode->op[0].ptr, res, 2); 1132 1133 cf = (op1_16 >> (count - 1)) & 0x1; 1134 of = ((uint16_t)((res << 1) ^ res) >> 15) & 0x1; /* of = result15 ^ 1135 result14 */ 1136 SET_FLAGS_OxxxxC(env, of, cf); 1137 break; 1138 } 1139 case 4: 1140 { 1141 uint32_t res; 1142 uint32_t op1_32 = decode->op[0].val; 1143 1144 if (!count) { 1145 break; 1146 } 1147 1148 if (1 == count) { 1149 res = (op1_32 >> 1) | (get_CF(env) << 31); 1150 } else { 1151 res = (op1_32 >> count) | (get_CF(env) << (32 - count)) | 1152 (op1_32 << (33 - count)); 1153 } 1154 1155 write_val_ext(env, decode->op[0].ptr, res, 4); 1156 1157 cf = (op1_32 >> (count - 1)) & 0x1; 1158 of = ((res << 1) ^ res) >> 31; /* of = result30 ^ result31 */ 1159 SET_FLAGS_OxxxxC(env, of, cf); 1160 break; 1161 } 1162 } 1163 env->eip += decode->len; 1164 } 1165 1166 static void exec_xchg(CPUX86State *env, struct x86_decode *decode) 1167 { 1168 fetch_operands(env, decode, 2, true, true, false); 1169 1170 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, 1171 decode->operand_size); 1172 write_val_ext(env, decode->op[1].ptr, decode->op[0].val, 1173 decode->operand_size); 1174 1175 env->eip += decode->len; 1176 } 1177 1178 static void exec_xadd(CPUX86State *env, struct x86_decode *decode) 1179 { 1180 EXEC_2OP_FLAGS_CMD(env, decode, +, SET_FLAGS_OSZAPC_ADD, true); 1181 write_val_ext(env, decode->op[1].ptr, decode->op[0].val, 1182 decode->operand_size); 1183 1184 env->eip += decode->len; 1185 } 1186 1187 static struct cmd_handler { 1188 enum x86_decode_cmd cmd; 1189 void (*handler)(CPUX86State *env, struct x86_decode *ins); 1190 } handlers[] = { 1191 {X86_DECODE_CMD_INVL, NULL,}, 1192 {X86_DECODE_CMD_MOV, exec_mov}, 1193 {X86_DECODE_CMD_ADD, exec_add}, 1194 {X86_DECODE_CMD_OR, exec_or}, 1195 {X86_DECODE_CMD_ADC, exec_adc}, 1196 {X86_DECODE_CMD_SBB, exec_sbb}, 1197 {X86_DECODE_CMD_AND, exec_and}, 1198 {X86_DECODE_CMD_SUB, exec_sub}, 1199 {X86_DECODE_CMD_NEG, exec_neg}, 1200 {X86_DECODE_CMD_XOR, exec_xor}, 1201 {X86_DECODE_CMD_CMP, exec_cmp}, 1202 {X86_DECODE_CMD_INC, exec_inc}, 1203 {X86_DECODE_CMD_DEC, exec_dec}, 1204 {X86_DECODE_CMD_TST, exec_tst}, 1205 {X86_DECODE_CMD_NOT, exec_not}, 1206 {X86_DECODE_CMD_MOVZX, exec_movzx}, 1207 {X86_DECODE_CMD_OUT, exec_out}, 1208 {X86_DECODE_CMD_IN, exec_in}, 1209 {X86_DECODE_CMD_INS, exec_ins}, 1210 {X86_DECODE_CMD_OUTS, exec_outs}, 1211 {X86_DECODE_CMD_RDMSR, exec_rdmsr}, 1212 {X86_DECODE_CMD_WRMSR, exec_wrmsr}, 1213 {X86_DECODE_CMD_BT, exec_bt}, 1214 {X86_DECODE_CMD_BTR, exec_btr}, 1215 {X86_DECODE_CMD_BTC, exec_btc}, 1216 {X86_DECODE_CMD_BTS, exec_bts}, 1217 {X86_DECODE_CMD_SHL, exec_shl}, 1218 {X86_DECODE_CMD_ROL, exec_rol}, 1219 {X86_DECODE_CMD_ROR, exec_ror}, 1220 {X86_DECODE_CMD_RCR, exec_rcr}, 1221 {X86_DECODE_CMD_RCL, exec_rcl}, 1222 /*{X86_DECODE_CMD_CPUID, exec_cpuid},*/ 1223 {X86_DECODE_CMD_MOVS, exec_movs}, 1224 {X86_DECODE_CMD_CMPS, exec_cmps}, 1225 {X86_DECODE_CMD_STOS, exec_stos}, 1226 {X86_DECODE_CMD_SCAS, exec_scas}, 1227 {X86_DECODE_CMD_LODS, exec_lods}, 1228 {X86_DECODE_CMD_MOVSX, exec_movsx}, 1229 {X86_DECODE_CMD_XCHG, exec_xchg}, 1230 {X86_DECODE_CMD_XADD, exec_xadd}, 1231 }; 1232 1233 static struct cmd_handler _cmd_handler[X86_DECODE_CMD_LAST]; 1234 1235 const struct x86_emul_ops *emul_ops; 1236 1237 static void init_cmd_handler(void) 1238 { 1239 int i; 1240 for (i = 0; i < ARRAY_SIZE(handlers); i++) { 1241 _cmd_handler[handlers[i].cmd] = handlers[i]; 1242 } 1243 } 1244 1245 bool exec_instruction(CPUX86State *env, struct x86_decode *ins) 1246 { 1247 if (!_cmd_handler[ins->cmd].handler) { 1248 printf("Unimplemented handler (%llx) for %d (%x %x) \n", env->eip, 1249 ins->cmd, ins->opcode[0], 1250 ins->opcode_len > 1 ? ins->opcode[1] : 0); 1251 env->eip += ins->len; 1252 return true; 1253 } 1254 1255 _cmd_handler[ins->cmd].handler(env, ins); 1256 return true; 1257 } 1258 1259 void init_emu(const struct x86_emul_ops *o) 1260 { 1261 emul_ops = o; 1262 init_cmd_handler(); 1263 } 1264