1 /* 2 * Copyright (C) 2016 Veertu Inc, 3 * Copyright (C) 2017 Google Inc, 4 * 5 * This program is free software; you can redistribute it and/or 6 * modify it under the terms of the GNU Lesser General Public 7 * License as published by the Free Software Foundation; either 8 * version 2.1 of the License, or (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 * Lesser General Public License for more details. 14 * 15 * You should have received a copy of the GNU Lesser General Public 16 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19 ///////////////////////////////////////////////////////////////////////// 20 // 21 // Copyright (C) 2001-2012 The Bochs Project 22 // 23 // This library is free software; you can redistribute it and/or 24 // modify it under the terms of the GNU Lesser General Public 25 // License as published by the Free Software Foundation; either 26 // version 2.1 of the License, or (at your option) any later version. 27 // 28 // This library is distributed in the hope that it will be useful, 29 // but WITHOUT ANY WARRANTY; without even the implied warranty of 30 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 31 // Lesser General Public License for more details. 32 // 33 // You should have received a copy of the GNU Lesser General Public 34 // License along with this library; if not, write to the Free Software 35 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA 36 ///////////////////////////////////////////////////////////////////////// 37 38 #include "qemu/osdep.h" 39 #include "panic.h" 40 #include "x86_decode.h" 41 #include "x86.h" 42 #include "x86_emu.h" 43 #include "x86_flags.h" 44 45 #define EXEC_2OP_FLAGS_CMD(env, decode, cmd, FLAGS_FUNC, save_res) \ 46 { \ 47 fetch_operands(env, decode, 2, true, true, false); \ 48 switch (decode->operand_size) { \ 49 case 1: \ 50 { \ 51 uint8_t v1 = (uint8_t)decode->op[0].val; \ 52 uint8_t v2 = (uint8_t)decode->op[1].val; \ 53 uint8_t diff = v1 cmd v2; \ 54 if (save_res) { \ 55 write_val_ext(env, decode->op[0].ptr, diff, 1); \ 56 } \ 57 FLAGS_FUNC##8(env, v1, v2, diff); \ 58 break; \ 59 } \ 60 case 2: \ 61 { \ 62 uint16_t v1 = (uint16_t)decode->op[0].val; \ 63 uint16_t v2 = (uint16_t)decode->op[1].val; \ 64 uint16_t diff = v1 cmd v2; \ 65 if (save_res) { \ 66 write_val_ext(env, decode->op[0].ptr, diff, 2); \ 67 } \ 68 FLAGS_FUNC##16(env, v1, v2, diff); \ 69 break; \ 70 } \ 71 case 4: \ 72 { \ 73 uint32_t v1 = (uint32_t)decode->op[0].val; \ 74 uint32_t v2 = (uint32_t)decode->op[1].val; \ 75 uint32_t diff = v1 cmd v2; \ 76 if (save_res) { \ 77 write_val_ext(env, decode->op[0].ptr, diff, 4); \ 78 } \ 79 FLAGS_FUNC##32(env, v1, v2, diff); \ 80 break; \ 81 } \ 82 default: \ 83 VM_PANIC("bad size\n"); \ 84 } \ 85 } \ 86 87 target_ulong read_reg(CPUX86State *env, int reg, int size) 88 { 89 switch (size) { 90 case 1: 91 return x86_reg(env, reg)->lx; 92 case 2: 93 return x86_reg(env, reg)->rx; 94 case 4: 95 return x86_reg(env, reg)->erx; 96 case 8: 97 return x86_reg(env, reg)->rrx; 98 default: 99 abort(); 100 } 101 return 0; 102 } 103 104 void write_reg(CPUX86State *env, int reg, target_ulong val, int size) 105 { 106 switch (size) { 107 case 1: 108 x86_reg(env, reg)->lx = val; 109 break; 110 case 2: 111 x86_reg(env, reg)->rx = val; 112 break; 113 case 4: 114 x86_reg(env, reg)->rrx = (uint32_t)val; 115 break; 116 case 8: 117 x86_reg(env, reg)->rrx = val; 118 break; 119 default: 120 abort(); 121 } 122 } 123 124 target_ulong read_val_from_reg(target_ulong reg_ptr, int size) 125 { 126 target_ulong val; 127 128 switch (size) { 129 case 1: 130 val = *(uint8_t *)reg_ptr; 131 break; 132 case 2: 133 val = *(uint16_t *)reg_ptr; 134 break; 135 case 4: 136 val = *(uint32_t *)reg_ptr; 137 break; 138 case 8: 139 val = *(uint64_t *)reg_ptr; 140 break; 141 default: 142 abort(); 143 } 144 return val; 145 } 146 147 void write_val_to_reg(target_ulong reg_ptr, target_ulong val, int size) 148 { 149 switch (size) { 150 case 1: 151 *(uint8_t *)reg_ptr = val; 152 break; 153 case 2: 154 *(uint16_t *)reg_ptr = val; 155 break; 156 case 4: 157 *(uint64_t *)reg_ptr = (uint32_t)val; 158 break; 159 case 8: 160 *(uint64_t *)reg_ptr = val; 161 break; 162 default: 163 abort(); 164 } 165 } 166 167 static bool is_host_reg(CPUX86State *env, target_ulong ptr) 168 { 169 return (ptr - (target_ulong)&env->regs[0]) < sizeof(env->regs); 170 } 171 172 void write_val_ext(CPUX86State *env, target_ulong ptr, target_ulong val, int size) 173 { 174 if (is_host_reg(env, ptr)) { 175 write_val_to_reg(ptr, val, size); 176 return; 177 } 178 emul_ops->write_mem(env_cpu(env), &val, ptr, size); 179 } 180 181 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes) 182 { 183 emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes); 184 return env->emu_mmio_buf; 185 } 186 187 188 target_ulong read_val_ext(CPUX86State *env, target_ulong ptr, int size) 189 { 190 target_ulong val; 191 uint8_t *mmio_ptr; 192 193 if (is_host_reg(env, ptr)) { 194 return read_val_from_reg(ptr, size); 195 } 196 197 mmio_ptr = read_mmio(env, ptr, size); 198 switch (size) { 199 case 1: 200 val = *(uint8_t *)mmio_ptr; 201 break; 202 case 2: 203 val = *(uint16_t *)mmio_ptr; 204 break; 205 case 4: 206 val = *(uint32_t *)mmio_ptr; 207 break; 208 case 8: 209 val = *(uint64_t *)mmio_ptr; 210 break; 211 default: 212 VM_PANIC("bad size\n"); 213 break; 214 } 215 return val; 216 } 217 218 static void fetch_operands(CPUX86State *env, struct x86_decode *decode, 219 int n, bool val_op0, bool val_op1, bool val_op2) 220 { 221 int i; 222 bool calc_val[3] = {val_op0, val_op1, val_op2}; 223 224 for (i = 0; i < n; i++) { 225 switch (decode->op[i].type) { 226 case X86_VAR_IMMEDIATE: 227 break; 228 case X86_VAR_REG: 229 VM_PANIC_ON(!decode->op[i].ptr); 230 if (calc_val[i]) { 231 decode->op[i].val = read_val_from_reg(decode->op[i].ptr, 232 decode->operand_size); 233 } 234 break; 235 case X86_VAR_RM: 236 calc_modrm_operand(env, decode, &decode->op[i]); 237 if (calc_val[i]) { 238 decode->op[i].val = read_val_ext(env, decode->op[i].ptr, 239 decode->operand_size); 240 } 241 break; 242 case X86_VAR_OFFSET: 243 decode->op[i].ptr = decode_linear_addr(env, decode, 244 decode->op[i].ptr, 245 R_DS); 246 if (calc_val[i]) { 247 decode->op[i].val = read_val_ext(env, decode->op[i].ptr, 248 decode->operand_size); 249 } 250 break; 251 default: 252 break; 253 } 254 } 255 } 256 257 static void exec_mov(CPUX86State *env, struct x86_decode *decode) 258 { 259 fetch_operands(env, decode, 2, false, true, false); 260 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, 261 decode->operand_size); 262 263 env->eip += decode->len; 264 } 265 266 static void exec_add(CPUX86State *env, struct x86_decode *decode) 267 { 268 EXEC_2OP_FLAGS_CMD(env, decode, +, SET_FLAGS_OSZAPC_ADD, true); 269 env->eip += decode->len; 270 } 271 272 static void exec_or(CPUX86State *env, struct x86_decode *decode) 273 { 274 EXEC_2OP_FLAGS_CMD(env, decode, |, SET_FLAGS_OSZAPC_LOGIC, true); 275 env->eip += decode->len; 276 } 277 278 static void exec_adc(CPUX86State *env, struct x86_decode *decode) 279 { 280 EXEC_2OP_FLAGS_CMD(env, decode, +get_CF(env)+, SET_FLAGS_OSZAPC_ADD, true); 281 env->eip += decode->len; 282 } 283 284 static void exec_sbb(CPUX86State *env, struct x86_decode *decode) 285 { 286 EXEC_2OP_FLAGS_CMD(env, decode, -get_CF(env)-, SET_FLAGS_OSZAPC_SUB, true); 287 env->eip += decode->len; 288 } 289 290 static void exec_and(CPUX86State *env, struct x86_decode *decode) 291 { 292 EXEC_2OP_FLAGS_CMD(env, decode, &, SET_FLAGS_OSZAPC_LOGIC, true); 293 env->eip += decode->len; 294 } 295 296 static void exec_sub(CPUX86State *env, struct x86_decode *decode) 297 { 298 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, true); 299 env->eip += decode->len; 300 } 301 302 static void exec_xor(CPUX86State *env, struct x86_decode *decode) 303 { 304 EXEC_2OP_FLAGS_CMD(env, decode, ^, SET_FLAGS_OSZAPC_LOGIC, true); 305 env->eip += decode->len; 306 } 307 308 static void exec_neg(CPUX86State *env, struct x86_decode *decode) 309 { 310 /*EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false);*/ 311 int32_t val; 312 fetch_operands(env, decode, 2, true, true, false); 313 314 val = 0 - sign(decode->op[1].val, decode->operand_size); 315 write_val_ext(env, decode->op[1].ptr, val, decode->operand_size); 316 317 if (4 == decode->operand_size) { 318 SET_FLAGS_OSZAPC_SUB32(env, 0, 0 - val, val); 319 } else if (2 == decode->operand_size) { 320 SET_FLAGS_OSZAPC_SUB16(env, 0, 0 - val, val); 321 } else if (1 == decode->operand_size) { 322 SET_FLAGS_OSZAPC_SUB8(env, 0, 0 - val, val); 323 } else { 324 VM_PANIC("bad op size\n"); 325 } 326 327 /*lflags_to_rflags(env);*/ 328 env->eip += decode->len; 329 } 330 331 static void exec_cmp(CPUX86State *env, struct x86_decode *decode) 332 { 333 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 334 env->eip += decode->len; 335 } 336 337 static void exec_inc(CPUX86State *env, struct x86_decode *decode) 338 { 339 decode->op[1].type = X86_VAR_IMMEDIATE; 340 decode->op[1].val = 0; 341 342 EXEC_2OP_FLAGS_CMD(env, decode, +1+, SET_FLAGS_OSZAP_ADD, true); 343 344 env->eip += decode->len; 345 } 346 347 static void exec_dec(CPUX86State *env, struct x86_decode *decode) 348 { 349 decode->op[1].type = X86_VAR_IMMEDIATE; 350 decode->op[1].val = 0; 351 352 EXEC_2OP_FLAGS_CMD(env, decode, -1-, SET_FLAGS_OSZAP_SUB, true); 353 env->eip += decode->len; 354 } 355 356 static void exec_tst(CPUX86State *env, struct x86_decode *decode) 357 { 358 EXEC_2OP_FLAGS_CMD(env, decode, &, SET_FLAGS_OSZAPC_LOGIC, false); 359 env->eip += decode->len; 360 } 361 362 static void exec_not(CPUX86State *env, struct x86_decode *decode) 363 { 364 fetch_operands(env, decode, 1, true, false, false); 365 366 write_val_ext(env, decode->op[0].ptr, ~decode->op[0].val, 367 decode->operand_size); 368 env->eip += decode->len; 369 } 370 371 void exec_movzx(CPUX86State *env, struct x86_decode *decode) 372 { 373 int src_op_size; 374 int op_size = decode->operand_size; 375 376 fetch_operands(env, decode, 1, false, false, false); 377 378 if (0xb6 == decode->opcode[1]) { 379 src_op_size = 1; 380 } else { 381 src_op_size = 2; 382 } 383 decode->operand_size = src_op_size; 384 calc_modrm_operand(env, decode, &decode->op[1]); 385 decode->op[1].val = read_val_ext(env, decode->op[1].ptr, src_op_size); 386 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, op_size); 387 388 env->eip += decode->len; 389 } 390 391 static void exec_out(CPUX86State *env, struct x86_decode *decode) 392 { 393 switch (decode->opcode[0]) { 394 case 0xe6: 395 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 1, 1, 1); 396 break; 397 case 0xe7: 398 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &RAX(env), 1, 399 decode->operand_size, 1); 400 break; 401 case 0xee: 402 emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 1, 1, 1); 403 break; 404 case 0xef: 405 emul_ops->handle_io(env_cpu(env), DX(env), &RAX(env), 1, 406 decode->operand_size, 1); 407 break; 408 default: 409 VM_PANIC("Bad out opcode\n"); 410 break; 411 } 412 env->eip += decode->len; 413 } 414 415 static void exec_in(CPUX86State *env, struct x86_decode *decode) 416 { 417 target_ulong val = 0; 418 switch (decode->opcode[0]) { 419 case 0xe4: 420 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &AL(env), 0, 1, 1); 421 break; 422 case 0xe5: 423 emul_ops->handle_io(env_cpu(env), decode->op[0].val, &val, 0, 424 decode->operand_size, 1); 425 if (decode->operand_size == 2) { 426 AX(env) = val; 427 } else { 428 RAX(env) = (uint32_t)val; 429 } 430 break; 431 case 0xec: 432 emul_ops->handle_io(env_cpu(env), DX(env), &AL(env), 0, 1, 1); 433 break; 434 case 0xed: 435 emul_ops->handle_io(env_cpu(env), DX(env), &val, 0, 436 decode->operand_size, 1); 437 if (decode->operand_size == 2) { 438 AX(env) = val; 439 } else { 440 RAX(env) = (uint32_t)val; 441 } 442 443 break; 444 default: 445 VM_PANIC("Bad in opcode\n"); 446 break; 447 } 448 449 env->eip += decode->len; 450 } 451 452 static inline void string_increment_reg(CPUX86State *env, int reg, 453 struct x86_decode *decode) 454 { 455 target_ulong val = read_reg(env, reg, decode->addressing_size); 456 if (env->eflags & DF_MASK) { 457 val -= decode->operand_size; 458 } else { 459 val += decode->operand_size; 460 } 461 write_reg(env, reg, val, decode->addressing_size); 462 } 463 464 static inline void string_rep(CPUX86State *env, struct x86_decode *decode, 465 void (*func)(CPUX86State *env, 466 struct x86_decode *ins), int rep) 467 { 468 target_ulong rcx = read_reg(env, R_ECX, decode->addressing_size); 469 while (rcx--) { 470 func(env, decode); 471 write_reg(env, R_ECX, rcx, decode->addressing_size); 472 if ((PREFIX_REP == rep) && !get_ZF(env)) { 473 break; 474 } 475 if ((PREFIX_REPN == rep) && get_ZF(env)) { 476 break; 477 } 478 } 479 } 480 481 static void exec_ins_single(CPUX86State *env, struct x86_decode *decode) 482 { 483 target_ulong addr = linear_addr_size(env_cpu(env), RDI(env), 484 decode->addressing_size, R_ES); 485 486 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 0, 487 decode->operand_size, 1); 488 emul_ops->write_mem(env_cpu(env), env->emu_mmio_buf, addr, 489 decode->operand_size); 490 491 string_increment_reg(env, R_EDI, decode); 492 } 493 494 static void exec_ins(CPUX86State *env, struct x86_decode *decode) 495 { 496 if (decode->rep) { 497 string_rep(env, decode, exec_ins_single, 0); 498 } else { 499 exec_ins_single(env, decode); 500 } 501 502 env->eip += decode->len; 503 } 504 505 static void exec_outs_single(CPUX86State *env, struct x86_decode *decode) 506 { 507 target_ulong addr = decode_linear_addr(env, decode, RSI(env), R_DS); 508 509 emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, addr, 510 decode->operand_size); 511 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 1, 512 decode->operand_size, 1); 513 514 string_increment_reg(env, R_ESI, decode); 515 } 516 517 static void exec_outs(CPUX86State *env, struct x86_decode *decode) 518 { 519 if (decode->rep) { 520 string_rep(env, decode, exec_outs_single, 0); 521 } else { 522 exec_outs_single(env, decode); 523 } 524 525 env->eip += decode->len; 526 } 527 528 static void exec_movs_single(CPUX86State *env, struct x86_decode *decode) 529 { 530 target_ulong src_addr; 531 target_ulong dst_addr; 532 target_ulong val; 533 534 src_addr = decode_linear_addr(env, decode, RSI(env), R_DS); 535 dst_addr = linear_addr_size(env_cpu(env), RDI(env), 536 decode->addressing_size, R_ES); 537 538 val = read_val_ext(env, src_addr, decode->operand_size); 539 write_val_ext(env, dst_addr, val, decode->operand_size); 540 541 string_increment_reg(env, R_ESI, decode); 542 string_increment_reg(env, R_EDI, decode); 543 } 544 545 static void exec_movs(CPUX86State *env, struct x86_decode *decode) 546 { 547 if (decode->rep) { 548 string_rep(env, decode, exec_movs_single, 0); 549 } else { 550 exec_movs_single(env, decode); 551 } 552 553 env->eip += decode->len; 554 } 555 556 static void exec_cmps_single(CPUX86State *env, struct x86_decode *decode) 557 { 558 target_ulong src_addr; 559 target_ulong dst_addr; 560 561 src_addr = decode_linear_addr(env, decode, RSI(env), R_DS); 562 dst_addr = linear_addr_size(env_cpu(env), RDI(env), 563 decode->addressing_size, R_ES); 564 565 decode->op[0].type = X86_VAR_IMMEDIATE; 566 decode->op[0].val = read_val_ext(env, src_addr, decode->operand_size); 567 decode->op[1].type = X86_VAR_IMMEDIATE; 568 decode->op[1].val = read_val_ext(env, dst_addr, decode->operand_size); 569 570 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 571 572 string_increment_reg(env, R_ESI, decode); 573 string_increment_reg(env, R_EDI, decode); 574 } 575 576 static void exec_cmps(CPUX86State *env, struct x86_decode *decode) 577 { 578 if (decode->rep) { 579 string_rep(env, decode, exec_cmps_single, decode->rep); 580 } else { 581 exec_cmps_single(env, decode); 582 } 583 env->eip += decode->len; 584 } 585 586 587 static void exec_stos_single(CPUX86State *env, struct x86_decode *decode) 588 { 589 target_ulong addr; 590 target_ulong val; 591 592 addr = linear_addr_size(env_cpu(env), RDI(env), 593 decode->addressing_size, R_ES); 594 val = read_reg(env, R_EAX, decode->operand_size); 595 emul_ops->write_mem(env_cpu(env), &val, addr, decode->operand_size); 596 597 string_increment_reg(env, R_EDI, decode); 598 } 599 600 601 static void exec_stos(CPUX86State *env, struct x86_decode *decode) 602 { 603 if (decode->rep) { 604 string_rep(env, decode, exec_stos_single, 0); 605 } else { 606 exec_stos_single(env, decode); 607 } 608 609 env->eip += decode->len; 610 } 611 612 static void exec_scas_single(CPUX86State *env, struct x86_decode *decode) 613 { 614 target_ulong addr; 615 616 addr = linear_addr_size(env_cpu(env), RDI(env), 617 decode->addressing_size, R_ES); 618 decode->op[1].type = X86_VAR_IMMEDIATE; 619 emul_ops->read_mem(env_cpu(env), &decode->op[1].val, addr, decode->operand_size); 620 621 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); 622 string_increment_reg(env, R_EDI, decode); 623 } 624 625 static void exec_scas(CPUX86State *env, struct x86_decode *decode) 626 { 627 decode->op[0].type = X86_VAR_REG; 628 decode->op[0].reg = R_EAX; 629 if (decode->rep) { 630 string_rep(env, decode, exec_scas_single, decode->rep); 631 } else { 632 exec_scas_single(env, decode); 633 } 634 635 env->eip += decode->len; 636 } 637 638 static void exec_lods_single(CPUX86State *env, struct x86_decode *decode) 639 { 640 target_ulong addr; 641 target_ulong val = 0; 642 643 addr = decode_linear_addr(env, decode, RSI(env), R_DS); 644 emul_ops->read_mem(env_cpu(env), &val, addr, decode->operand_size); 645 write_reg(env, R_EAX, val, decode->operand_size); 646 647 string_increment_reg(env, R_ESI, decode); 648 } 649 650 static void exec_lods(CPUX86State *env, struct x86_decode *decode) 651 { 652 if (decode->rep) { 653 string_rep(env, decode, exec_lods_single, 0); 654 } else { 655 exec_lods_single(env, decode); 656 } 657 658 env->eip += decode->len; 659 } 660 661 void x86_emul_raise_exception(CPUX86State *env, int exception_index, int error_code) 662 { 663 env->exception_nr = exception_index; 664 env->error_code = error_code; 665 env->has_error_code = true; 666 env->exception_injected = 1; 667 } 668 669 static void exec_rdmsr(CPUX86State *env, struct x86_decode *decode) 670 { 671 emul_ops->simulate_rdmsr(env_cpu(env)); 672 env->eip += decode->len; 673 } 674 675 static void exec_wrmsr(CPUX86State *env, struct x86_decode *decode) 676 { 677 emul_ops->simulate_wrmsr(env_cpu(env)); 678 env->eip += decode->len; 679 } 680 681 /* 682 * flag: 683 * 0 - bt, 1 - btc, 2 - bts, 3 - btr 684 */ 685 static void do_bt(CPUX86State *env, struct x86_decode *decode, int flag) 686 { 687 int32_t displacement; 688 uint8_t index; 689 bool cf; 690 int mask = (4 == decode->operand_size) ? 0x1f : 0xf; 691 692 VM_PANIC_ON(decode->rex.rex); 693 694 fetch_operands(env, decode, 2, false, true, false); 695 index = decode->op[1].val & mask; 696 697 if (decode->op[0].type != X86_VAR_REG) { 698 if (4 == decode->operand_size) { 699 displacement = ((int32_t) (decode->op[1].val & 0xffffffe0)) / 32; 700 decode->op[0].ptr += 4 * displacement; 701 } else if (2 == decode->operand_size) { 702 displacement = ((int16_t) (decode->op[1].val & 0xfff0)) / 16; 703 decode->op[0].ptr += 2 * displacement; 704 } else { 705 VM_PANIC("bt 64bit\n"); 706 } 707 } 708 decode->op[0].val = read_val_ext(env, decode->op[0].ptr, 709 decode->operand_size); 710 cf = (decode->op[0].val >> index) & 0x01; 711 712 switch (flag) { 713 case 0: 714 set_CF(env, cf); 715 return; 716 case 1: 717 decode->op[0].val ^= (1u << index); 718 break; 719 case 2: 720 decode->op[0].val |= (1u << index); 721 break; 722 case 3: 723 decode->op[0].val &= ~(1u << index); 724 break; 725 } 726 write_val_ext(env, decode->op[0].ptr, decode->op[0].val, 727 decode->operand_size); 728 set_CF(env, cf); 729 } 730 731 static void exec_bt(CPUX86State *env, struct x86_decode *decode) 732 { 733 do_bt(env, decode, 0); 734 env->eip += decode->len; 735 } 736 737 static void exec_btc(CPUX86State *env, struct x86_decode *decode) 738 { 739 do_bt(env, decode, 1); 740 env->eip += decode->len; 741 } 742 743 static void exec_btr(CPUX86State *env, struct x86_decode *decode) 744 { 745 do_bt(env, decode, 3); 746 env->eip += decode->len; 747 } 748 749 static void exec_bts(CPUX86State *env, struct x86_decode *decode) 750 { 751 do_bt(env, decode, 2); 752 env->eip += decode->len; 753 } 754 755 void exec_shl(CPUX86State *env, struct x86_decode *decode) 756 { 757 uint8_t count; 758 int of = 0, cf = 0; 759 760 fetch_operands(env, decode, 2, true, true, false); 761 762 count = decode->op[1].val; 763 count &= 0x1f; /* count is masked to 5 bits*/ 764 if (!count) { 765 goto exit; 766 } 767 768 switch (decode->operand_size) { 769 case 1: 770 { 771 uint8_t res = 0; 772 if (count <= 8) { 773 res = (decode->op[0].val << count); 774 cf = (decode->op[0].val >> (8 - count)) & 0x1; 775 of = cf ^ (res >> 7); 776 } 777 778 write_val_ext(env, decode->op[0].ptr, res, 1); 779 SET_FLAGS_OSZAPC_LOGIC8(env, 0, 0, res); 780 SET_FLAGS_OxxxxC(env, of, cf); 781 break; 782 } 783 case 2: 784 { 785 uint16_t res = 0; 786 787 /* from bochs */ 788 if (count <= 16) { 789 res = (decode->op[0].val << count); 790 cf = (decode->op[0].val >> (16 - count)) & 0x1; 791 of = cf ^ (res >> 15); /* of = cf ^ result15 */ 792 } 793 794 write_val_ext(env, decode->op[0].ptr, res, 2); 795 SET_FLAGS_OSZAPC_LOGIC16(env, 0, 0, res); 796 SET_FLAGS_OxxxxC(env, of, cf); 797 break; 798 } 799 case 4: 800 { 801 uint32_t res = decode->op[0].val << count; 802 803 write_val_ext(env, decode->op[0].ptr, res, 4); 804 SET_FLAGS_OSZAPC_LOGIC32(env, 0, 0, res); 805 cf = (decode->op[0].val >> (32 - count)) & 0x1; 806 of = cf ^ (res >> 31); /* of = cf ^ result31 */ 807 SET_FLAGS_OxxxxC(env, of, cf); 808 break; 809 } 810 default: 811 abort(); 812 } 813 814 exit: 815 /* lflags_to_rflags(env); */ 816 env->eip += decode->len; 817 } 818 819 void exec_movsx(CPUX86State *env, struct x86_decode *decode) 820 { 821 int src_op_size; 822 int op_size = decode->operand_size; 823 824 fetch_operands(env, decode, 2, false, false, false); 825 826 if (0xbe == decode->opcode[1]) { 827 src_op_size = 1; 828 } else { 829 src_op_size = 2; 830 } 831 832 decode->operand_size = src_op_size; 833 calc_modrm_operand(env, decode, &decode->op[1]); 834 decode->op[1].val = sign(read_val_ext(env, decode->op[1].ptr, src_op_size), 835 src_op_size); 836 837 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, op_size); 838 839 env->eip += decode->len; 840 } 841 842 void exec_ror(CPUX86State *env, struct x86_decode *decode) 843 { 844 uint8_t count; 845 846 fetch_operands(env, decode, 2, true, true, false); 847 count = decode->op[1].val; 848 849 switch (decode->operand_size) { 850 case 1: 851 { 852 uint32_t bit6, bit7; 853 uint8_t res; 854 855 if ((count & 0x07) == 0) { 856 if (count & 0x18) { 857 bit6 = ((uint8_t)decode->op[0].val >> 6) & 1; 858 bit7 = ((uint8_t)decode->op[0].val >> 7) & 1; 859 SET_FLAGS_OxxxxC(env, bit6 ^ bit7, bit7); 860 } 861 } else { 862 count &= 0x7; /* use only bottom 3 bits */ 863 res = ((uint8_t)decode->op[0].val >> count) | 864 ((uint8_t)decode->op[0].val << (8 - count)); 865 write_val_ext(env, decode->op[0].ptr, res, 1); 866 bit6 = (res >> 6) & 1; 867 bit7 = (res >> 7) & 1; 868 /* set eflags: ROR count affects the following flags: C, O */ 869 SET_FLAGS_OxxxxC(env, bit6 ^ bit7, bit7); 870 } 871 break; 872 } 873 case 2: 874 { 875 uint32_t bit14, bit15; 876 uint16_t res; 877 878 if ((count & 0x0f) == 0) { 879 if (count & 0x10) { 880 bit14 = ((uint16_t)decode->op[0].val >> 14) & 1; 881 bit15 = ((uint16_t)decode->op[0].val >> 15) & 1; 882 /* of = result14 ^ result15 */ 883 SET_FLAGS_OxxxxC(env, bit14 ^ bit15, bit15); 884 } 885 } else { 886 count &= 0x0f; /* use only 4 LSB's */ 887 res = ((uint16_t)decode->op[0].val >> count) | 888 ((uint16_t)decode->op[0].val << (16 - count)); 889 write_val_ext(env, decode->op[0].ptr, res, 2); 890 891 bit14 = (res >> 14) & 1; 892 bit15 = (res >> 15) & 1; 893 /* of = result14 ^ result15 */ 894 SET_FLAGS_OxxxxC(env, bit14 ^ bit15, bit15); 895 } 896 break; 897 } 898 case 4: 899 { 900 uint32_t bit31, bit30; 901 uint32_t res; 902 903 count &= 0x1f; 904 if (count) { 905 res = ((uint32_t)decode->op[0].val >> count) | 906 ((uint32_t)decode->op[0].val << (32 - count)); 907 write_val_ext(env, decode->op[0].ptr, res, 4); 908 909 bit31 = (res >> 31) & 1; 910 bit30 = (res >> 30) & 1; 911 /* of = result30 ^ result31 */ 912 SET_FLAGS_OxxxxC(env, bit30 ^ bit31, bit31); 913 } 914 break; 915 } 916 } 917 env->eip += decode->len; 918 } 919 920 void exec_rol(CPUX86State *env, struct x86_decode *decode) 921 { 922 uint8_t count; 923 924 fetch_operands(env, decode, 2, true, true, false); 925 count = decode->op[1].val; 926 927 switch (decode->operand_size) { 928 case 1: 929 { 930 uint32_t bit0, bit7; 931 uint8_t res; 932 933 if ((count & 0x07) == 0) { 934 if (count & 0x18) { 935 bit0 = ((uint8_t)decode->op[0].val & 1); 936 bit7 = ((uint8_t)decode->op[0].val >> 7); 937 SET_FLAGS_OxxxxC(env, bit0 ^ bit7, bit0); 938 } 939 } else { 940 count &= 0x7; /* use only lowest 3 bits */ 941 res = ((uint8_t)decode->op[0].val << count) | 942 ((uint8_t)decode->op[0].val >> (8 - count)); 943 944 write_val_ext(env, decode->op[0].ptr, res, 1); 945 /* set eflags: 946 * ROL count affects the following flags: C, O 947 */ 948 bit0 = (res & 1); 949 bit7 = (res >> 7); 950 SET_FLAGS_OxxxxC(env, bit0 ^ bit7, bit0); 951 } 952 break; 953 } 954 case 2: 955 { 956 uint32_t bit0, bit15; 957 uint16_t res; 958 959 if ((count & 0x0f) == 0) { 960 if (count & 0x10) { 961 bit0 = ((uint16_t)decode->op[0].val & 0x1); 962 bit15 = ((uint16_t)decode->op[0].val >> 15); 963 /* of = cf ^ result15 */ 964 SET_FLAGS_OxxxxC(env, bit0 ^ bit15, bit0); 965 } 966 } else { 967 count &= 0x0f; /* only use bottom 4 bits */ 968 res = ((uint16_t)decode->op[0].val << count) | 969 ((uint16_t)decode->op[0].val >> (16 - count)); 970 971 write_val_ext(env, decode->op[0].ptr, res, 2); 972 bit0 = (res & 0x1); 973 bit15 = (res >> 15); 974 /* of = cf ^ result15 */ 975 SET_FLAGS_OxxxxC(env, bit0 ^ bit15, bit0); 976 } 977 break; 978 } 979 case 4: 980 { 981 uint32_t bit0, bit31; 982 uint32_t res; 983 984 count &= 0x1f; 985 if (count) { 986 res = ((uint32_t)decode->op[0].val << count) | 987 ((uint32_t)decode->op[0].val >> (32 - count)); 988 989 write_val_ext(env, decode->op[0].ptr, res, 4); 990 bit0 = (res & 0x1); 991 bit31 = (res >> 31); 992 /* of = cf ^ result31 */ 993 SET_FLAGS_OxxxxC(env, bit0 ^ bit31, bit0); 994 } 995 break; 996 } 997 } 998 env->eip += decode->len; 999 } 1000 1001 1002 void exec_rcl(CPUX86State *env, struct x86_decode *decode) 1003 { 1004 uint8_t count; 1005 int of = 0, cf = 0; 1006 1007 fetch_operands(env, decode, 2, true, true, false); 1008 count = decode->op[1].val & 0x1f; 1009 1010 switch (decode->operand_size) { 1011 case 1: 1012 { 1013 uint8_t op1_8 = decode->op[0].val; 1014 uint8_t res; 1015 count %= 9; 1016 if (!count) { 1017 break; 1018 } 1019 1020 if (1 == count) { 1021 res = (op1_8 << 1) | get_CF(env); 1022 } else { 1023 res = (op1_8 << count) | (get_CF(env) << (count - 1)) | 1024 (op1_8 >> (9 - count)); 1025 } 1026 1027 write_val_ext(env, decode->op[0].ptr, res, 1); 1028 1029 cf = (op1_8 >> (8 - count)) & 0x01; 1030 of = cf ^ (res >> 7); /* of = cf ^ result7 */ 1031 SET_FLAGS_OxxxxC(env, of, cf); 1032 break; 1033 } 1034 case 2: 1035 { 1036 uint16_t res; 1037 uint16_t op1_16 = decode->op[0].val; 1038 1039 count %= 17; 1040 if (!count) { 1041 break; 1042 } 1043 1044 if (1 == count) { 1045 res = (op1_16 << 1) | get_CF(env); 1046 } else if (count == 16) { 1047 res = (get_CF(env) << 15) | (op1_16 >> 1); 1048 } else { /* 2..15 */ 1049 res = (op1_16 << count) | (get_CF(env) << (count - 1)) | 1050 (op1_16 >> (17 - count)); 1051 } 1052 1053 write_val_ext(env, decode->op[0].ptr, res, 2); 1054 1055 cf = (op1_16 >> (16 - count)) & 0x1; 1056 of = cf ^ (res >> 15); /* of = cf ^ result15 */ 1057 SET_FLAGS_OxxxxC(env, of, cf); 1058 break; 1059 } 1060 case 4: 1061 { 1062 uint32_t res; 1063 uint32_t op1_32 = decode->op[0].val; 1064 1065 if (!count) { 1066 break; 1067 } 1068 1069 if (1 == count) { 1070 res = (op1_32 << 1) | get_CF(env); 1071 } else { 1072 res = (op1_32 << count) | (get_CF(env) << (count - 1)) | 1073 (op1_32 >> (33 - count)); 1074 } 1075 1076 write_val_ext(env, decode->op[0].ptr, res, 4); 1077 1078 cf = (op1_32 >> (32 - count)) & 0x1; 1079 of = cf ^ (res >> 31); /* of = cf ^ result31 */ 1080 SET_FLAGS_OxxxxC(env, of, cf); 1081 break; 1082 } 1083 } 1084 env->eip += decode->len; 1085 } 1086 1087 void exec_rcr(CPUX86State *env, struct x86_decode *decode) 1088 { 1089 uint8_t count; 1090 int of = 0, cf = 0; 1091 1092 fetch_operands(env, decode, 2, true, true, false); 1093 count = decode->op[1].val & 0x1f; 1094 1095 switch (decode->operand_size) { 1096 case 1: 1097 { 1098 uint8_t op1_8 = decode->op[0].val; 1099 uint8_t res; 1100 1101 count %= 9; 1102 if (!count) { 1103 break; 1104 } 1105 res = (op1_8 >> count) | (get_CF(env) << (8 - count)) | 1106 (op1_8 << (9 - count)); 1107 1108 write_val_ext(env, decode->op[0].ptr, res, 1); 1109 1110 cf = (op1_8 >> (count - 1)) & 0x1; 1111 of = (((res << 1) ^ res) >> 7) & 0x1; /* of = result6 ^ result7 */ 1112 SET_FLAGS_OxxxxC(env, of, cf); 1113 break; 1114 } 1115 case 2: 1116 { 1117 uint16_t op1_16 = decode->op[0].val; 1118 uint16_t res; 1119 1120 count %= 17; 1121 if (!count) { 1122 break; 1123 } 1124 res = (op1_16 >> count) | (get_CF(env) << (16 - count)) | 1125 (op1_16 << (17 - count)); 1126 1127 write_val_ext(env, decode->op[0].ptr, res, 2); 1128 1129 cf = (op1_16 >> (count - 1)) & 0x1; 1130 of = ((uint16_t)((res << 1) ^ res) >> 15) & 0x1; /* of = result15 ^ 1131 result14 */ 1132 SET_FLAGS_OxxxxC(env, of, cf); 1133 break; 1134 } 1135 case 4: 1136 { 1137 uint32_t res; 1138 uint32_t op1_32 = decode->op[0].val; 1139 1140 if (!count) { 1141 break; 1142 } 1143 1144 if (1 == count) { 1145 res = (op1_32 >> 1) | (get_CF(env) << 31); 1146 } else { 1147 res = (op1_32 >> count) | (get_CF(env) << (32 - count)) | 1148 (op1_32 << (33 - count)); 1149 } 1150 1151 write_val_ext(env, decode->op[0].ptr, res, 4); 1152 1153 cf = (op1_32 >> (count - 1)) & 0x1; 1154 of = ((res << 1) ^ res) >> 31; /* of = result30 ^ result31 */ 1155 SET_FLAGS_OxxxxC(env, of, cf); 1156 break; 1157 } 1158 } 1159 env->eip += decode->len; 1160 } 1161 1162 static void exec_xchg(CPUX86State *env, struct x86_decode *decode) 1163 { 1164 fetch_operands(env, decode, 2, true, true, false); 1165 1166 write_val_ext(env, decode->op[0].ptr, decode->op[1].val, 1167 decode->operand_size); 1168 write_val_ext(env, decode->op[1].ptr, decode->op[0].val, 1169 decode->operand_size); 1170 1171 env->eip += decode->len; 1172 } 1173 1174 static void exec_xadd(CPUX86State *env, struct x86_decode *decode) 1175 { 1176 EXEC_2OP_FLAGS_CMD(env, decode, +, SET_FLAGS_OSZAPC_ADD, true); 1177 write_val_ext(env, decode->op[1].ptr, decode->op[0].val, 1178 decode->operand_size); 1179 1180 env->eip += decode->len; 1181 } 1182 1183 static struct cmd_handler { 1184 enum x86_decode_cmd cmd; 1185 void (*handler)(CPUX86State *env, struct x86_decode *ins); 1186 } handlers[] = { 1187 {X86_DECODE_CMD_INVL, NULL,}, 1188 {X86_DECODE_CMD_MOV, exec_mov}, 1189 {X86_DECODE_CMD_ADD, exec_add}, 1190 {X86_DECODE_CMD_OR, exec_or}, 1191 {X86_DECODE_CMD_ADC, exec_adc}, 1192 {X86_DECODE_CMD_SBB, exec_sbb}, 1193 {X86_DECODE_CMD_AND, exec_and}, 1194 {X86_DECODE_CMD_SUB, exec_sub}, 1195 {X86_DECODE_CMD_NEG, exec_neg}, 1196 {X86_DECODE_CMD_XOR, exec_xor}, 1197 {X86_DECODE_CMD_CMP, exec_cmp}, 1198 {X86_DECODE_CMD_INC, exec_inc}, 1199 {X86_DECODE_CMD_DEC, exec_dec}, 1200 {X86_DECODE_CMD_TST, exec_tst}, 1201 {X86_DECODE_CMD_NOT, exec_not}, 1202 {X86_DECODE_CMD_MOVZX, exec_movzx}, 1203 {X86_DECODE_CMD_OUT, exec_out}, 1204 {X86_DECODE_CMD_IN, exec_in}, 1205 {X86_DECODE_CMD_INS, exec_ins}, 1206 {X86_DECODE_CMD_OUTS, exec_outs}, 1207 {X86_DECODE_CMD_RDMSR, exec_rdmsr}, 1208 {X86_DECODE_CMD_WRMSR, exec_wrmsr}, 1209 {X86_DECODE_CMD_BT, exec_bt}, 1210 {X86_DECODE_CMD_BTR, exec_btr}, 1211 {X86_DECODE_CMD_BTC, exec_btc}, 1212 {X86_DECODE_CMD_BTS, exec_bts}, 1213 {X86_DECODE_CMD_SHL, exec_shl}, 1214 {X86_DECODE_CMD_ROL, exec_rol}, 1215 {X86_DECODE_CMD_ROR, exec_ror}, 1216 {X86_DECODE_CMD_RCR, exec_rcr}, 1217 {X86_DECODE_CMD_RCL, exec_rcl}, 1218 /*{X86_DECODE_CMD_CPUID, exec_cpuid},*/ 1219 {X86_DECODE_CMD_MOVS, exec_movs}, 1220 {X86_DECODE_CMD_CMPS, exec_cmps}, 1221 {X86_DECODE_CMD_STOS, exec_stos}, 1222 {X86_DECODE_CMD_SCAS, exec_scas}, 1223 {X86_DECODE_CMD_LODS, exec_lods}, 1224 {X86_DECODE_CMD_MOVSX, exec_movsx}, 1225 {X86_DECODE_CMD_XCHG, exec_xchg}, 1226 {X86_DECODE_CMD_XADD, exec_xadd}, 1227 }; 1228 1229 static struct cmd_handler _cmd_handler[X86_DECODE_CMD_LAST]; 1230 1231 const struct x86_emul_ops *emul_ops; 1232 1233 static void init_cmd_handler(void) 1234 { 1235 int i; 1236 for (i = 0; i < ARRAY_SIZE(handlers); i++) { 1237 _cmd_handler[handlers[i].cmd] = handlers[i]; 1238 } 1239 } 1240 1241 bool exec_instruction(CPUX86State *env, struct x86_decode *ins) 1242 { 1243 if (!_cmd_handler[ins->cmd].handler) { 1244 printf("Unimplemented handler (" TARGET_FMT_lx ") for %d (%x %x) \n", env->eip, 1245 ins->cmd, ins->opcode[0], 1246 ins->opcode_len > 1 ? ins->opcode[1] : 0); 1247 env->eip += ins->len; 1248 return true; 1249 } 1250 1251 _cmd_handler[ins->cmd].handler(env, ins); 1252 return true; 1253 } 1254 1255 void init_emu(const struct x86_emul_ops *o) 1256 { 1257 emul_ops = o; 1258 init_cmd_handler(); 1259 } 1260