search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
KVM: x86 emulator: Check CPL level during privilege instruction emulation
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / arch / x86 / kvm / emulate.c
blob7371e6570ba9fb4b5deaed527e424924dac0a98f
1 /******************************************************************************
2 * emulate.c
3 *
4 * Generic x86 (32-bit and 64-bit) instruction decoder and emulator.
5 *
6 * Copyright (c) 2005 Keir Fraser
7 *
8 * Linux coding style, mod r/m decoder, segment base fixes, real-mode
9 * privileged instructions:
10 *
11 * Copyright (C) 2006 Qumranet
12 *
13 * Avi Kivity <avi@qumranet.com>
14 * Yaniv Kamay <yaniv@qumranet.com>
15 *
16 * This work is licensed under the terms of the GNU GPL, version 2. See
17 * the COPYING file in the top-level directory.
18 *
19 * From: xen-unstable 10676:af9809f51f81a3c43f276f00c81a52ef558afda4
20 */
21
22 #ifndef __KERNEL__
23 #include <stdio.h>
24 #include <stdint.h>
25 #include <public/xen.h>
26 #define DPRINTF(_f, _a ...) printf(_f , ## _a)
27 #else
28 #include <linux/kvm_host.h>
29 #include "kvm_cache_regs.h"
30 #define DPRINTF(x...) do {} while (0)
31 #endif
32 #include <linux/module.h>
33 #include <asm/kvm_emulate.h>
34
35 #include "mmu.h" /* for is_long_mode() */
36
37 /*
38 * Opcode effective-address decode tables.
39 * Note that we only emulate instructions that have at least one memory
40 * operand (excluding implicit stack references). We assume that stack
41 * references and instruction fetches will never occur in special memory
42 * areas that require emulation. So, for example, 'mov <imm>,<reg>' need
43 * not be handled.
44 */
45
46 /* Operand sizes: 8-bit operands or specified/overridden size. */
47 #define ByteOp (1<<0) /* 8-bit operands. */
48 /* Destination operand type. */
49 #define ImplicitOps (1<<1) /* Implicit in opcode. No generic decode. */
50 #define DstReg (2<<1) /* Register operand. */
51 #define DstMem (3<<1) /* Memory operand. */
52 #define DstAcc (4<<1) /* Destination Accumulator */
53 #define DstMask (7<<1)
54 /* Source operand type. */
55 #define SrcNone (0<<4) /* No source operand. */
56 #define SrcImplicit (0<<4) /* Source operand is implicit in the opcode. */
57 #define SrcReg (1<<4) /* Register operand. */
58 #define SrcMem (2<<4) /* Memory operand. */
59 #define SrcMem16 (3<<4) /* Memory operand (16-bit). */
60 #define SrcMem32 (4<<4) /* Memory operand (32-bit). */
61 #define SrcImm (5<<4) /* Immediate operand. */
62 #define SrcImmByte (6<<4) /* 8-bit sign-extended immediate operand. */
63 #define SrcOne (7<<4) /* Implied '1' */
64 #define SrcImmUByte (8<<4) /* 8-bit unsigned immediate operand. */
65 #define SrcImmU (9<<4) /* Immediate operand, unsigned */
66 #define SrcMask (0xf<<4)
67 /* Generic ModRM decode. */
68 #define ModRM (1<<8)
69 /* Destination is only written; never read. */
70 #define Mov (1<<9)
71 #define BitOp (1<<10)
72 #define MemAbs (1<<11) /* Memory operand is absolute displacement */
73 #define String (1<<12) /* String instruction (rep capable) */
74 #define Stack (1<<13) /* Stack instruction (push/pop) */
75 #define Group (1<<14) /* Bits 3:5 of modrm byte extend opcode */
76 #define GroupDual (1<<15) /* Alternate decoding of mod == 3 */
77 #define GroupMask 0xff /* Group number stored in bits 0:7 */
78 #define Priv (1<<27) /* instruction generates #GP if current CPL != 0 */
79 /* Source 2 operand type */
80 #define Src2None (0<<29)
81 #define Src2CL (1<<29)
82 #define Src2ImmByte (2<<29)
83 #define Src2One (3<<29)
84 #define Src2Imm16 (4<<29)
85 #define Src2Mask (7<<29)
86
87 enum {
88 Group1_80, Group1_81, Group1_82, Group1_83,
89 Group1A, Group3_Byte, Group3, Group4, Group5, Group7,
90 Group8, Group9,
91 };
92
93 static u32 opcode_table[256] = {
94 /* 0x00 - 0x07 */
95 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
96 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
97 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
98 /* 0x08 - 0x0F */
99 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
100 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
101 0, 0, 0, 0,
102 /* 0x10 - 0x17 */
103 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
104 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
105 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
106 /* 0x18 - 0x1F */
107 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
108 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
109 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
110 /* 0x20 - 0x27 */
111 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
112 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
113 DstAcc | SrcImmByte, DstAcc | SrcImm, 0, 0,
114 /* 0x28 - 0x2F */
115 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
116 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
117 0, 0, 0, 0,
118 /* 0x30 - 0x37 */
119 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
120 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
121 0, 0, 0, 0,
122 /* 0x38 - 0x3F */
123 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
124 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
125 ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
126 0, 0,
127 /* 0x40 - 0x47 */
128 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
129 /* 0x48 - 0x4F */
130 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
131 /* 0x50 - 0x57 */
132 SrcReg | Stack, SrcReg | Stack, SrcReg | Stack, SrcReg | Stack,
133 SrcReg | Stack, SrcReg | Stack, SrcReg | Stack, SrcReg | Stack,
134 /* 0x58 - 0x5F */
135 DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
136 DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
137 /* 0x60 - 0x67 */
138 0, 0, 0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
139 0, 0, 0, 0,
140 /* 0x68 - 0x6F */
141 SrcImm | Mov | Stack, 0, SrcImmByte | Mov | Stack, 0,
142 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps, /* insb, insw/insd */
143 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps, /* outsb, outsw/outsd */
144 /* 0x70 - 0x77 */
145 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
146 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
147 /* 0x78 - 0x7F */
148 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
149 SrcImmByte, SrcImmByte, SrcImmByte, SrcImmByte,
150 /* 0x80 - 0x87 */
151 Group | Group1_80, Group | Group1_81,
152 Group | Group1_82, Group | Group1_83,
153 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
154 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
155 /* 0x88 - 0x8F */
156 ByteOp | DstMem | SrcReg | ModRM | Mov, DstMem | SrcReg | ModRM | Mov,
157 ByteOp | DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
158 DstMem | SrcReg | ModRM | Mov, ModRM | DstReg,
159 DstReg | SrcMem | ModRM | Mov, Group | Group1A,
160 /* 0x90 - 0x97 */
161 DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
162 /* 0x98 - 0x9F */
163 0, 0, SrcImm | Src2Imm16, 0,
164 ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
165 /* 0xA0 - 0xA7 */
166 ByteOp | DstReg | SrcMem | Mov | MemAbs, DstReg | SrcMem | Mov | MemAbs,
167 ByteOp | DstMem | SrcReg | Mov | MemAbs, DstMem | SrcReg | Mov | MemAbs,
168 ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
169 ByteOp | ImplicitOps | String, ImplicitOps | String,
170 /* 0xA8 - 0xAF */
171 0, 0, ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
172 ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
173 ByteOp | ImplicitOps | String, ImplicitOps | String,
174 /* 0xB0 - 0xB7 */
175 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
176 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
177 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
178 ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
179 /* 0xB8 - 0xBF */
180 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
181 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
182 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
183 DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
184 /* 0xC0 - 0xC7 */
185 ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImmByte | ModRM,
186 0, ImplicitOps | Stack, 0, 0,
187 ByteOp | DstMem | SrcImm | ModRM | Mov, DstMem | SrcImm | ModRM | Mov,
188 /* 0xC8 - 0xCF */
189 0, 0, 0, ImplicitOps | Stack,
190 ImplicitOps, SrcImmByte, ImplicitOps, ImplicitOps,
191 /* 0xD0 - 0xD7 */
192 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
193 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
194 0, 0, 0, 0,
195 /* 0xD8 - 0xDF */
196 0, 0, 0, 0, 0, 0, 0, 0,
197 /* 0xE0 - 0xE7 */
198 0, 0, 0, 0,
199 ByteOp | SrcImmUByte, SrcImmUByte,
200 ByteOp | SrcImmUByte, SrcImmUByte,
201 /* 0xE8 - 0xEF */
202 SrcImm | Stack, SrcImm | ImplicitOps,
203 SrcImmU | Src2Imm16, SrcImmByte | ImplicitOps,
204 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
205 SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
206 /* 0xF0 - 0xF7 */
207 0, 0, 0, 0,
208 ImplicitOps | Priv, ImplicitOps, Group | Group3_Byte, Group | Group3,
209 /* 0xF8 - 0xFF */
210 ImplicitOps, 0, ImplicitOps, ImplicitOps,
211 ImplicitOps, ImplicitOps, Group | Group4, Group | Group5,
212 };
213
214 static u32 twobyte_table[256] = {
215 /* 0x00 - 0x0F */
216 0, Group | GroupDual | Group7, 0, 0,
217 0, ImplicitOps, ImplicitOps | Priv, 0,
218 ImplicitOps | Priv, ImplicitOps | Priv, 0, 0,
219 0, ImplicitOps | ModRM, 0, 0,
220 /* 0x10 - 0x1F */
221 0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0,
222 /* 0x20 - 0x2F */
223 ModRM | ImplicitOps | Priv, ModRM | Priv,
224 ModRM | ImplicitOps | Priv, ModRM | Priv,
225 0, 0, 0, 0,
226 0, 0, 0, 0, 0, 0, 0, 0,
227 /* 0x30 - 0x3F */
228 ImplicitOps | Priv, 0, ImplicitOps | Priv, 0,
229 ImplicitOps, ImplicitOps | Priv, 0, 0,
230 0, 0, 0, 0, 0, 0, 0, 0,
231 /* 0x40 - 0x47 */
232 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
233 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
234 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
235 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
236 /* 0x48 - 0x4F */
237 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
238 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
239 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
240 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
241 /* 0x50 - 0x5F */
242 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
243 /* 0x60 - 0x6F */
244 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
245 /* 0x70 - 0x7F */
246 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
247 /* 0x80 - 0x8F */
248 SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
249 SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm, SrcImm,
250 /* 0x90 - 0x9F */
251 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
252 /* 0xA0 - 0xA7 */
253 0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
254 DstMem | SrcReg | Src2ImmByte | ModRM,
255 DstMem | SrcReg | Src2CL | ModRM, 0, 0,
256 /* 0xA8 - 0xAF */
257 0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
258 DstMem | SrcReg | Src2ImmByte | ModRM,
259 DstMem | SrcReg | Src2CL | ModRM,
260 ModRM, 0,
261 /* 0xB0 - 0xB7 */
262 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM, 0,
263 DstMem | SrcReg | ModRM | BitOp,
264 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
265 DstReg | SrcMem16 | ModRM | Mov,
266 /* 0xB8 - 0xBF */
267 0, 0, Group | Group8, DstMem | SrcReg | ModRM | BitOp,
268 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
269 DstReg | SrcMem16 | ModRM | Mov,
270 /* 0xC0 - 0xCF */
271 0, 0, 0, DstMem | SrcReg | ModRM | Mov,
272 0, 0, 0, Group | GroupDual | Group9,
273 0, 0, 0, 0, 0, 0, 0, 0,
274 /* 0xD0 - 0xDF */
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 /* 0xE0 - 0xEF */
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 /* 0xF0 - 0xFF */
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
280 };
281
282 static u32 group_table[] = {
283 [Group1_80*8] =
284 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
285 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
286 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
287 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
288 [Group1_81*8] =
289 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
290 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
291 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
292 DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
293 [Group1_82*8] =
294 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
295 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
296 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
297 ByteOp | DstMem | SrcImm | ModRM, ByteOp | DstMem | SrcImm | ModRM,
298 [Group1_83*8] =
299 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
300 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
301 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
302 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
303 [Group1A*8] =
304 DstMem | SrcNone | ModRM | Mov | Stack, 0, 0, 0, 0, 0, 0, 0,
305 [Group3_Byte*8] =
306 ByteOp | SrcImm | DstMem | ModRM, 0,
307 ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
308 0, 0, 0, 0,
309 [Group3*8] =
310 DstMem | SrcImm | ModRM, 0,
311 DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
312 0, 0, 0, 0,
313 [Group4*8] =
314 ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
315 0, 0, 0, 0, 0, 0,
316 [Group5*8] =
317 DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
318 SrcMem | ModRM | Stack, 0,
319 SrcMem | ModRM | Stack, 0, SrcMem | ModRM | Stack, 0,
320 [Group7*8] =
321 0, 0, ModRM | SrcMem | Priv, ModRM | SrcMem | Priv,
322 SrcNone | ModRM | DstMem | Mov, 0,
323 SrcMem16 | ModRM | Mov | Priv, SrcMem | ModRM | ByteOp | Priv,
324 [Group8*8] =
325 0, 0, 0, 0,
326 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
327 DstMem | SrcImmByte | ModRM, DstMem | SrcImmByte | ModRM,
328 [Group9*8] =
329 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0,
330 };
331
332 static u32 group2_table[] = {
333 [Group7*8] =
334 SrcNone | ModRM | Priv, 0, 0, SrcNone | ModRM,
335 SrcNone | ModRM | DstMem | Mov, 0,
336 SrcMem16 | ModRM | Mov, 0,
337 [Group9*8] =
338 0, 0, 0, 0, 0, 0, 0, 0,
339 };
340
341 /* EFLAGS bit definitions. */
342 #define EFLG_VM (1<<17)
343 #define EFLG_RF (1<<16)
344 #define EFLG_OF (1<<11)
345 #define EFLG_DF (1<<10)
346 #define EFLG_IF (1<<9)
347 #define EFLG_SF (1<<7)
348 #define EFLG_ZF (1<<6)
349 #define EFLG_AF (1<<4)
350 #define EFLG_PF (1<<2)
351 #define EFLG_CF (1<<0)
352
353 /*
354 * Instruction emulation:
355 * Most instructions are emulated directly via a fragment of inline assembly
356 * code. This allows us to save/restore EFLAGS and thus very easily pick up
357 * any modified flags.
358 */
359
360 #if defined(CONFIG_X86_64)
361 #define _LO32 "k" /* force 32-bit operand */
362 #define _STK "%%rsp" /* stack pointer */
363 #elif defined(__i386__)
364 #define _LO32 "" /* force 32-bit operand */
365 #define _STK "%%esp" /* stack pointer */
366 #endif
367
368 /*
369 * These EFLAGS bits are restored from saved value during emulation, and
370 * any changes are written back to the saved value after emulation.
371 */
372 #define EFLAGS_MASK (EFLG_OF|EFLG_SF|EFLG_ZF|EFLG_AF|EFLG_PF|EFLG_CF)
373
374 /* Before executing instruction: restore necessary bits in EFLAGS. */
375 #define _PRE_EFLAGS(_sav, _msk, _tmp) \
376 /* EFLAGS = (_sav & _msk) | (EFLAGS & ~_msk); _sav &= ~_msk; */ \
377 "movl %"_sav",%"_LO32 _tmp"; " \
378 "push %"_tmp"; " \
379 "push %"_tmp"; " \
380 "movl %"_msk",%"_LO32 _tmp"; " \
381 "andl %"_LO32 _tmp",("_STK"); " \
382 "pushf; " \
383 "notl %"_LO32 _tmp"; " \
384 "andl %"_LO32 _tmp",("_STK"); " \
385 "andl %"_LO32 _tmp","__stringify(BITS_PER_LONG/4)"("_STK"); " \
386 "pop %"_tmp"; " \
387 "orl %"_LO32 _tmp",("_STK"); " \
388 "popf; " \
389 "pop %"_sav"; "
390
391 /* After executing instruction: write-back necessary bits in EFLAGS. */
392 #define _POST_EFLAGS(_sav, _msk, _tmp) \
393 /* _sav |= EFLAGS & _msk; */ \
394 "pushf; " \
395 "pop %"_tmp"; " \
396 "andl %"_msk",%"_LO32 _tmp"; " \
397 "orl %"_LO32 _tmp",%"_sav"; "
398
399 #ifdef CONFIG_X86_64
400 #define ON64(x) x
401 #else
402 #define ON64(x)
403 #endif
404
405 #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix) \
406 do { \
407 __asm__ __volatile__ ( \
408 _PRE_EFLAGS("0", "4", "2") \
409 _op _suffix " %"_x"3,%1; " \
410 _POST_EFLAGS("0", "4", "2") \
411 : "=m" (_eflags), "=m" ((_dst).val), \
412 "=&r" (_tmp) \
413 : _y ((_src).val), "i" (EFLAGS_MASK)); \
414 } while (0)
415
416
417 /* Raw emulation: instruction has two explicit operands. */
418 #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
419 do { \
420 unsigned long _tmp; \
421 \
422 switch ((_dst).bytes) { \
423 case 2: \
424 ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w"); \
425 break; \
426 case 4: \
427 ____emulate_2op(_op,_src,_dst,_eflags,_lx,_ly,"l"); \
428 break; \
429 case 8: \
430 ON64(____emulate_2op(_op,_src,_dst,_eflags,_qx,_qy,"q")); \
431 break; \
432 } \
433 } while (0)
434
435 #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
436 do { \
437 unsigned long _tmp; \
438 switch ((_dst).bytes) { \
439 case 1: \
440 ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b"); \
441 break; \
442 default: \
443 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
444 _wx, _wy, _lx, _ly, _qx, _qy); \
445 break; \
446 } \
447 } while (0)
448
449 /* Source operand is byte-sized and may be restricted to just %cl. */
450 #define emulate_2op_SrcB(_op, _src, _dst, _eflags) \
451 __emulate_2op(_op, _src, _dst, _eflags, \
452 "b", "c", "b", "c", "b", "c", "b", "c")
453
454 /* Source operand is byte, word, long or quad sized. */
455 #define emulate_2op_SrcV(_op, _src, _dst, _eflags) \
456 __emulate_2op(_op, _src, _dst, _eflags, \
457 "b", "q", "w", "r", _LO32, "r", "", "r")
458
459 /* Source operand is word, long or quad sized. */
460 #define emulate_2op_SrcV_nobyte(_op, _src, _dst, _eflags) \
461 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
462 "w", "r", _LO32, "r", "", "r")
463
464 /* Instruction has three operands and one operand is stored in ECX register */
465 #define __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, _suffix, _type) \
466 do { \
467 unsigned long _tmp; \
468 _type _clv = (_cl).val; \
469 _type _srcv = (_src).val; \
470 _type _dstv = (_dst).val; \
471 \
472 __asm__ __volatile__ ( \
473 _PRE_EFLAGS("0", "5", "2") \
474 _op _suffix " %4,%1 \n" \
475 _POST_EFLAGS("0", "5", "2") \
476 : "=m" (_eflags), "+r" (_dstv), "=&r" (_tmp) \
477 : "c" (_clv) , "r" (_srcv), "i" (EFLAGS_MASK) \
478 ); \
479 \
480 (_cl).val = (unsigned long) _clv; \
481 (_src).val = (unsigned long) _srcv; \
482 (_dst).val = (unsigned long) _dstv; \
483 } while (0)
484
485 #define emulate_2op_cl(_op, _cl, _src, _dst, _eflags) \
486 do { \
487 switch ((_dst).bytes) { \
488 case 2: \
489 __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
490 "w", unsigned short); \
491 break; \
492 case 4: \
493 __emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
494 "l", unsigned int); \
495 break; \
496 case 8: \
497 ON64(__emulate_2op_cl(_op, _cl, _src, _dst, _eflags, \
498 "q", unsigned long)); \
499 break; \
500 } \
501 } while (0)
502
503 #define __emulate_1op(_op, _dst, _eflags, _suffix) \
504 do { \
505 unsigned long _tmp; \
506 \
507 __asm__ __volatile__ ( \
508 _PRE_EFLAGS("0", "3", "2") \
509 _op _suffix " %1; " \
510 _POST_EFLAGS("0", "3", "2") \
511 : "=m" (_eflags), "+m" ((_dst).val), \
512 "=&r" (_tmp) \
513 : "i" (EFLAGS_MASK)); \
514 } while (0)
515
516 /* Instruction has only one explicit operand (no source operand). */
517 #define emulate_1op(_op, _dst, _eflags) \
518 do { \
519 switch ((_dst).bytes) { \
520 case 1: __emulate_1op(_op, _dst, _eflags, "b"); break; \
521 case 2: __emulate_1op(_op, _dst, _eflags, "w"); break; \
522 case 4: __emulate_1op(_op, _dst, _eflags, "l"); break; \
523 case 8: ON64(__emulate_1op(_op, _dst, _eflags, "q")); break; \
524 } \
525 } while (0)
526
527 /* Fetch next part of the instruction being emulated. */
528 #define insn_fetch(_type, _size, _eip) \
529 ({ unsigned long _x; \
530 rc = do_insn_fetch(ctxt, ops, (_eip), &_x, (_size)); \
531 if (rc != 0) \
532 goto done; \
533 (_eip) += (_size); \
534 (_type)_x; \
535 })
536
537 static inline unsigned long ad_mask(struct decode_cache *c)
538 {
539 return (1UL << (c->ad_bytes << 3)) - 1;
540 }
541
542 /* Access/update address held in a register, based on addressing mode. */
543 static inline unsigned long
544 address_mask(struct decode_cache *c, unsigned long reg)
545 {
546 if (c->ad_bytes == sizeof(unsigned long))
547 return reg;
548 else
549 return reg & ad_mask(c);
550 }
551
552 static inline unsigned long
553 register_address(struct decode_cache *c, unsigned long base, unsigned long reg)
554 {
555 return base + address_mask(c, reg);
556 }
557
558 static inline void
559 register_address_increment(struct decode_cache *c, unsigned long *reg, int inc)
560 {
561 if (c->ad_bytes == sizeof(unsigned long))
562 *reg += inc;
563 else
564 *reg = (*reg & ~ad_mask(c)) | ((*reg + inc) & ad_mask(c));
565 }
566
567 static inline void jmp_rel(struct decode_cache *c, int rel)
568 {
569 register_address_increment(c, &c->eip, rel);
570 }
571
572 static void set_seg_override(struct decode_cache *c, int seg)
573 {
574 c->has_seg_override = true;
575 c->seg_override = seg;
576 }
577
578 static unsigned long seg_base(struct x86_emulate_ctxt *ctxt, int seg)
579 {
580 if (ctxt->mode == X86EMUL_MODE_PROT64 && seg < VCPU_SREG_FS)
581 return 0;
582
583 return kvm_x86_ops->get_segment_base(ctxt->vcpu, seg);
584 }
585
586 static unsigned long seg_override_base(struct x86_emulate_ctxt *ctxt,
587 struct decode_cache *c)
588 {
589 if (!c->has_seg_override)
590 return 0;
591
592 return seg_base(ctxt, c->seg_override);
593 }
594
595 static unsigned long es_base(struct x86_emulate_ctxt *ctxt)
596 {
597 return seg_base(ctxt, VCPU_SREG_ES);
598 }
599
600 static unsigned long ss_base(struct x86_emulate_ctxt *ctxt)
601 {
602 return seg_base(ctxt, VCPU_SREG_SS);
603 }
604
605 static int do_fetch_insn_byte(struct x86_emulate_ctxt *ctxt,
606 struct x86_emulate_ops *ops,
607 unsigned long linear, u8 *dest)
608 {
609 struct fetch_cache *fc = &ctxt->decode.fetch;
610 int rc;
611 int size;
612
613 if (linear < fc->start || linear >= fc->end) {
614 size = min(15UL, PAGE_SIZE - offset_in_page(linear));
615 rc = ops->read_std(linear, fc->data, size, ctxt->vcpu);
616 if (rc)
617 return rc;
618 fc->start = linear;
619 fc->end = linear + size;
620 }
621 *dest = fc->data[linear - fc->start];
622 return 0;
623 }
624
625 static int do_insn_fetch(struct x86_emulate_ctxt *ctxt,
626 struct x86_emulate_ops *ops,
627 unsigned long eip, void *dest, unsigned size)
628 {
629 int rc = 0;
630
631 /* x86 instructions are limited to 15 bytes. */
632 if (eip + size - ctxt->decode.eip_orig > 15)
633 return X86EMUL_UNHANDLEABLE;
634 eip += ctxt->cs_base;
635 while (size--) {
636 rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
637 if (rc)
638 return rc;
639 }
640 return 0;
641 }
642
643 /*
644 * Given the 'reg' portion of a ModRM byte, and a register block, return a
645 * pointer into the block that addresses the relevant register.
646 * @highbyte_regs specifies whether to decode AH,CH,DH,BH.
647 */
648 static void *decode_register(u8 modrm_reg, unsigned long *regs,
649 int highbyte_regs)
650 {
651 void *p;
652
653 p = &regs[modrm_reg];
654 if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8)
655 p = (unsigned char *)&regs[modrm_reg & 3] + 1;
656 return p;
657 }
658
659 static int read_descriptor(struct x86_emulate_ctxt *ctxt,
660 struct x86_emulate_ops *ops,
661 void *ptr,
662 u16 *size, unsigned long *address, int op_bytes)
663 {
664 int rc;
665
666 if (op_bytes == 2)
667 op_bytes = 3;
668 *address = 0;
669 rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2,
670 ctxt->vcpu);
671 if (rc)
672 return rc;
673 rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes,
674 ctxt->vcpu);
675 return rc;
676 }
677
678 static int test_cc(unsigned int condition, unsigned int flags)
679 {
680 int rc = 0;
681
682 switch ((condition & 15) >> 1) {
683 case 0: /* o */
684 rc |= (flags & EFLG_OF);
685 break;
686 case 1: /* b/c/nae */
687 rc |= (flags & EFLG_CF);
688 break;
689 case 2: /* z/e */
690 rc |= (flags & EFLG_ZF);
691 break;
692 case 3: /* be/na */
693 rc |= (flags & (EFLG_CF|EFLG_ZF));
694 break;
695 case 4: /* s */
696 rc |= (flags & EFLG_SF);
697 break;
698 case 5: /* p/pe */
699 rc |= (flags & EFLG_PF);
700 break;
701 case 7: /* le/ng */
702 rc |= (flags & EFLG_ZF);
703 /* fall through */
704 case 6: /* l/nge */
705 rc |= (!(flags & EFLG_SF) != !(flags & EFLG_OF));
706 break;
707 }
708
709 /* Odd condition identifiers (lsb == 1) have inverted sense. */
710 return (!!rc ^ (condition & 1));
711 }
712
713 static void decode_register_operand(struct operand *op,
714 struct decode_cache *c,
715 int inhibit_bytereg)
716 {
717 unsigned reg = c->modrm_reg;
718 int highbyte_regs = c->rex_prefix == 0;
719
720 if (!(c->d & ModRM))
721 reg = (c->b & 7) | ((c->rex_prefix & 1) << 3);
722 op->type = OP_REG;
723 if ((c->d & ByteOp) && !inhibit_bytereg) {
724 op->ptr = decode_register(reg, c->regs, highbyte_regs);
725 op->val = *(u8 *)op->ptr;
726 op->bytes = 1;
727 } else {
728 op->ptr = decode_register(reg, c->regs, 0);
729 op->bytes = c->op_bytes;
730 switch (op->bytes) {
731 case 2:
732 op->val = *(u16 *)op->ptr;
733 break;
734 case 4:
735 op->val = *(u32 *)op->ptr;
736 break;
737 case 8:
738 op->val = *(u64 *) op->ptr;
739 break;
740 }
741 }
742 op->orig_val = op->val;
743 }
744
745 static int decode_modrm(struct x86_emulate_ctxt *ctxt,
746 struct x86_emulate_ops *ops)
747 {
748 struct decode_cache *c = &ctxt->decode;
749 u8 sib;
750 int index_reg = 0, base_reg = 0, scale;
751 int rc = 0;
752
753 if (c->rex_prefix) {
754 c->modrm_reg = (c->rex_prefix & 4) << 1; /* REX.R */
755 index_reg = (c->rex_prefix & 2) << 2; /* REX.X */
756 c->modrm_rm = base_reg = (c->rex_prefix & 1) << 3; /* REG.B */
757 }
758
759 c->modrm = insn_fetch(u8, 1, c->eip);
760 c->modrm_mod |= (c->modrm & 0xc0) >> 6;
761 c->modrm_reg |= (c->modrm & 0x38) >> 3;
762 c->modrm_rm |= (c->modrm & 0x07);
763 c->modrm_ea = 0;
764 c->use_modrm_ea = 1;
765
766 if (c->modrm_mod == 3) {
767 c->modrm_ptr = decode_register(c->modrm_rm,
768 c->regs, c->d & ByteOp);
769 c->modrm_val = *(unsigned long *)c->modrm_ptr;
770 return rc;
771 }
772
773 if (c->ad_bytes == 2) {
774 unsigned bx = c->regs[VCPU_REGS_RBX];
775 unsigned bp = c->regs[VCPU_REGS_RBP];
776 unsigned si = c->regs[VCPU_REGS_RSI];
777 unsigned di = c->regs[VCPU_REGS_RDI];
778
779 /* 16-bit ModR/M decode. */
780 switch (c->modrm_mod) {
781 case 0:
782 if (c->modrm_rm == 6)
783 c->modrm_ea += insn_fetch(u16, 2, c->eip);
784 break;
785 case 1:
786 c->modrm_ea += insn_fetch(s8, 1, c->eip);
787 break;
788 case 2:
789 c->modrm_ea += insn_fetch(u16, 2, c->eip);
790 break;
791 }
792 switch (c->modrm_rm) {
793 case 0:
794 c->modrm_ea += bx + si;
795 break;
796 case 1:
797 c->modrm_ea += bx + di;
798 break;
799 case 2:
800 c->modrm_ea += bp + si;
801 break;
802 case 3:
803 c->modrm_ea += bp + di;
804 break;
805 case 4:
806 c->modrm_ea += si;
807 break;
808 case 5:
809 c->modrm_ea += di;
810 break;
811 case 6:
812 if (c->modrm_mod != 0)
813 c->modrm_ea += bp;
814 break;
815 case 7:
816 c->modrm_ea += bx;
817 break;
818 }
819 if (c->modrm_rm == 2 || c->modrm_rm == 3 ||
820 (c->modrm_rm == 6 && c->modrm_mod != 0))
821 if (!c->has_seg_override)
822 set_seg_override(c, VCPU_SREG_SS);
823 c->modrm_ea = (u16)c->modrm_ea;
824 } else {
825 /* 32/64-bit ModR/M decode. */
826 if ((c->modrm_rm & 7) == 4) {
827 sib = insn_fetch(u8, 1, c->eip);
828 index_reg |= (sib >> 3) & 7;
829 base_reg |= sib & 7;
830 scale = sib >> 6;
831
832 if ((base_reg & 7) == 5 && c->modrm_mod == 0)
833 c->modrm_ea += insn_fetch(s32, 4, c->eip);
834 else
835 c->modrm_ea += c->regs[base_reg];
836 if (index_reg != 4)
837 c->modrm_ea += c->regs[index_reg] << scale;
838 } else if ((c->modrm_rm & 7) == 5 && c->modrm_mod == 0) {
839 if (ctxt->mode == X86EMUL_MODE_PROT64)
840 c->rip_relative = 1;
841 } else
842 c->modrm_ea += c->regs[c->modrm_rm];
843 switch (c->modrm_mod) {
844 case 0:
845 if (c->modrm_rm == 5)
846 c->modrm_ea += insn_fetch(s32, 4, c->eip);
847 break;
848 case 1:
849 c->modrm_ea += insn_fetch(s8, 1, c->eip);
850 break;
851 case 2:
852 c->modrm_ea += insn_fetch(s32, 4, c->eip);
853 break;
854 }
855 }
856 done:
857 return rc;
858 }
859
860 static int decode_abs(struct x86_emulate_ctxt *ctxt,
861 struct x86_emulate_ops *ops)
862 {
863 struct decode_cache *c = &ctxt->decode;
864 int rc = 0;
865
866 switch (c->ad_bytes) {
867 case 2:
868 c->modrm_ea = insn_fetch(u16, 2, c->eip);
869 break;
870 case 4:
871 c->modrm_ea = insn_fetch(u32, 4, c->eip);
872 break;
873 case 8:
874 c->modrm_ea = insn_fetch(u64, 8, c->eip);
875 break;
876 }
877 done:
878 return rc;
879 }
880
881 int
882 x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
883 {
884 struct decode_cache *c = &ctxt->decode;
885 int rc = 0;
886 int mode = ctxt->mode;
887 int def_op_bytes, def_ad_bytes, group;
888
889 /* Shadow copy of register state. Committed on successful emulation. */
890
891 memset(c, 0, sizeof(struct decode_cache));
892 c->eip = c->eip_orig = kvm_rip_read(ctxt->vcpu);
893 ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
894 memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
895
896 switch (mode) {
897 case X86EMUL_MODE_REAL:
898 case X86EMUL_MODE_PROT16:
899 def_op_bytes = def_ad_bytes = 2;
900 break;
901 case X86EMUL_MODE_PROT32:
902 def_op_bytes = def_ad_bytes = 4;
903 break;
904 #ifdef CONFIG_X86_64
905 case X86EMUL_MODE_PROT64:
906 def_op_bytes = 4;
907 def_ad_bytes = 8;
908 break;
909 #endif
910 default:
911 return -1;
912 }
913
914 c->op_bytes = def_op_bytes;
915 c->ad_bytes = def_ad_bytes;
916
917 /* Legacy prefixes. */
918 for (;;) {
919 switch (c->b = insn_fetch(u8, 1, c->eip)) {
920 case 0x66: /* operand-size override */
921 /* switch between 2/4 bytes */
922 c->op_bytes = def_op_bytes ^ 6;
923 break;
924 case 0x67: /* address-size override */
925 if (mode == X86EMUL_MODE_PROT64)
926 /* switch between 4/8 bytes */
927 c->ad_bytes = def_ad_bytes ^ 12;
928 else
929 /* switch between 2/4 bytes */
930 c->ad_bytes = def_ad_bytes ^ 6;
931 break;
932 case 0x26: /* ES override */
933 case 0x2e: /* CS override */
934 case 0x36: /* SS override */
935 case 0x3e: /* DS override */
936 set_seg_override(c, (c->b >> 3) & 3);
937 break;
938 case 0x64: /* FS override */
939 case 0x65: /* GS override */
940 set_seg_override(c, c->b & 7);
941 break;
942 case 0x40 ... 0x4f: /* REX */
943 if (mode != X86EMUL_MODE_PROT64)
944 goto done_prefixes;
945 c->rex_prefix = c->b;
946 continue;
947 case 0xf0: /* LOCK */
948 c->lock_prefix = 1;
949 break;
950 case 0xf2: /* REPNE/REPNZ */
951 c->rep_prefix = REPNE_PREFIX;
952 break;
953 case 0xf3: /* REP/REPE/REPZ */
954 c->rep_prefix = REPE_PREFIX;
955 break;
956 default:
957 goto done_prefixes;
958 }
959
960 /* Any legacy prefix after a REX prefix nullifies its effect. */
961
962 c->rex_prefix = 0;
963 }
964
965 done_prefixes:
966
967 /* REX prefix. */
968 if (c->rex_prefix)
969 if (c->rex_prefix & 8)
970 c->op_bytes = 8; /* REX.W */
971
972 /* Opcode byte(s). */
973 c->d = opcode_table[c->b];
974 if (c->d == 0) {
975 /* Two-byte opcode? */
976 if (c->b == 0x0f) {
977 c->twobyte = 1;
978 c->b = insn_fetch(u8, 1, c->eip);
979 c->d = twobyte_table[c->b];
980 }
981 }
982
983 if (c->d & Group) {
984 group = c->d & GroupMask;
985 c->modrm = insn_fetch(u8, 1, c->eip);
986 --c->eip;
987
988 group = (group << 3) + ((c->modrm >> 3) & 7);
989 if ((c->d & GroupDual) && (c->modrm >> 6) == 3)
990 c->d = group2_table[group];
991 else
992 c->d = group_table[group];
993 }
994
995 /* Unrecognised? */
996 if (c->d == 0) {
997 DPRINTF("Cannot emulate %02x\n", c->b);
998 return -1;
999 }
1000
1001 if (mode == X86EMUL_MODE_PROT64 && (c->d & Stack))
1002 c->op_bytes = 8;
1003
1004 /* ModRM and SIB bytes. */
1005 if (c->d & ModRM)
1006 rc = decode_modrm(ctxt, ops);
1007 else if (c->d & MemAbs)
1008 rc = decode_abs(ctxt, ops);
1009 if (rc)
1010 goto done;
1011
1012 if (!c->has_seg_override)
1013 set_seg_override(c, VCPU_SREG_DS);
1014
1015 if (!(!c->twobyte && c->b == 0x8d))
1016 c->modrm_ea += seg_override_base(ctxt, c);
1017
1018 if (c->ad_bytes != 8)
1019 c->modrm_ea = (u32)c->modrm_ea;
1020 /*
1021 * Decode and fetch the source operand: register, memory
1022 * or immediate.
1023 */
1024 switch (c->d & SrcMask) {
1025 case SrcNone:
1026 break;
1027 case SrcReg:
1028 decode_register_operand(&c->src, c, 0);
1029 break;
1030 case SrcMem16:
1031 c->src.bytes = 2;
1032 goto srcmem_common;
1033 case SrcMem32:
1034 c->src.bytes = 4;
1035 goto srcmem_common;
1036 case SrcMem:
1037 c->src.bytes = (c->d & ByteOp) ? 1 :
1038 c->op_bytes;
1039 /* Don't fetch the address for invlpg: it could be unmapped. */
1040 if (c->twobyte && c->b == 0x01 && c->modrm_reg == 7)
1041 break;
1042 srcmem_common:
1043 /*
1044 * For instructions with a ModR/M byte, switch to register
1045 * access if Mod = 3.
1046 */
1047 if ((c->d & ModRM) && c->modrm_mod == 3) {
1048 c->src.type = OP_REG;
1049 c->src.val = c->modrm_val;
1050 c->src.ptr = c->modrm_ptr;
1051 break;
1052 }
1053 c->src.type = OP_MEM;
1054 break;
1055 case SrcImm:
1056 case SrcImmU:
1057 c->src.type = OP_IMM;
1058 c->src.ptr = (unsigned long *)c->eip;
1059 c->src.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1060 if (c->src.bytes == 8)
1061 c->src.bytes = 4;
1062 /* NB. Immediates are sign-extended as necessary. */
1063 switch (c->src.bytes) {
1064 case 1:
1065 c->src.val = insn_fetch(s8, 1, c->eip);
1066 break;
1067 case 2:
1068 c->src.val = insn_fetch(s16, 2, c->eip);
1069 break;
1070 case 4:
1071 c->src.val = insn_fetch(s32, 4, c->eip);
1072 break;
1073 }
1074 if ((c->d & SrcMask) == SrcImmU) {
1075 switch (c->src.bytes) {
1076 case 1:
1077 c->src.val &= 0xff;
1078 break;
1079 case 2:
1080 c->src.val &= 0xffff;
1081 break;
1082 case 4:
1083 c->src.val &= 0xffffffff;
1084 break;
1085 }
1086 }
1087 break;
1088 case SrcImmByte:
1089 case SrcImmUByte:
1090 c->src.type = OP_IMM;
1091 c->src.ptr = (unsigned long *)c->eip;
1092 c->src.bytes = 1;
1093 if ((c->d & SrcMask) == SrcImmByte)
1094 c->src.val = insn_fetch(s8, 1, c->eip);
1095 else
1096 c->src.val = insn_fetch(u8, 1, c->eip);
1097 break;
1098 case SrcOne:
1099 c->src.bytes = 1;
1100 c->src.val = 1;
1101 break;
1102 }
1103
1104 /*
1105 * Decode and fetch the second source operand: register, memory
1106 * or immediate.
1107 */
1108 switch (c->d & Src2Mask) {
1109 case Src2None:
1110 break;
1111 case Src2CL:
1112 c->src2.bytes = 1;
1113 c->src2.val = c->regs[VCPU_REGS_RCX] & 0x8;
1114 break;
1115 case Src2ImmByte:
1116 c->src2.type = OP_IMM;
1117 c->src2.ptr = (unsigned long *)c->eip;
1118 c->src2.bytes = 1;
1119 c->src2.val = insn_fetch(u8, 1, c->eip);
1120 break;
1121 case Src2Imm16:
1122 c->src2.type = OP_IMM;
1123 c->src2.ptr = (unsigned long *)c->eip;
1124 c->src2.bytes = 2;
1125 c->src2.val = insn_fetch(u16, 2, c->eip);
1126 break;
1127 case Src2One:
1128 c->src2.bytes = 1;
1129 c->src2.val = 1;
1130 break;
1131 }
1132
1133 /* Decode and fetch the destination operand: register or memory. */
1134 switch (c->d & DstMask) {
1135 case ImplicitOps:
1136 /* Special instructions do their own operand decoding. */
1137 return 0;
1138 case DstReg:
1139 decode_register_operand(&c->dst, c,
1140 c->twobyte && (c->b == 0xb6 || c->b == 0xb7));
1141 break;
1142 case DstMem:
1143 if ((c->d & ModRM) && c->modrm_mod == 3) {
1144 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1145 c->dst.type = OP_REG;
1146 c->dst.val = c->dst.orig_val = c->modrm_val;
1147 c->dst.ptr = c->modrm_ptr;
1148 break;
1149 }
1150 c->dst.type = OP_MEM;
1151 break;
1152 case DstAcc:
1153 c->dst.type = OP_REG;
1154 c->dst.bytes = c->op_bytes;
1155 c->dst.ptr = &c->regs[VCPU_REGS_RAX];
1156 switch (c->op_bytes) {
1157 case 1:
1158 c->dst.val = *(u8 *)c->dst.ptr;
1159 break;
1160 case 2:
1161 c->dst.val = *(u16 *)c->dst.ptr;
1162 break;
1163 case 4:
1164 c->dst.val = *(u32 *)c->dst.ptr;
1165 break;
1166 }
1167 c->dst.orig_val = c->dst.val;
1168 break;
1169 }
1170
1171 if (c->rip_relative)
1172 c->modrm_ea += c->eip;
1173
1174 done:
1175 return (rc == X86EMUL_UNHANDLEABLE) ? -1 : 0;
1176 }
1177
1178 static inline void emulate_push(struct x86_emulate_ctxt *ctxt)
1179 {
1180 struct decode_cache *c = &ctxt->decode;
1181
1182 c->dst.type = OP_MEM;
1183 c->dst.bytes = c->op_bytes;
1184 c->dst.val = c->src.val;
1185 register_address_increment(c, &c->regs[VCPU_REGS_RSP], -c->op_bytes);
1186 c->dst.ptr = (void *) register_address(c, ss_base(ctxt),
1187 c->regs[VCPU_REGS_RSP]);
1188 }
1189
1190 static int emulate_pop(struct x86_emulate_ctxt *ctxt,
1191 struct x86_emulate_ops *ops,
1192 void *dest, int len)
1193 {
1194 struct decode_cache *c = &ctxt->decode;
1195 int rc;
1196
1197 rc = ops->read_emulated(register_address(c, ss_base(ctxt),
1198 c->regs[VCPU_REGS_RSP]),
1199 dest, len, ctxt->vcpu);
1200 if (rc != 0)
1201 return rc;
1202
1203 register_address_increment(c, &c->regs[VCPU_REGS_RSP], len);
1204 return rc;
1205 }
1206
1207 static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt,
1208 struct x86_emulate_ops *ops)
1209 {
1210 struct decode_cache *c = &ctxt->decode;
1211 int rc;
1212
1213 rc = emulate_pop(ctxt, ops, &c->dst.val, c->dst.bytes);
1214 if (rc != 0)
1215 return rc;
1216 return 0;
1217 }
1218
1219 static inline void emulate_grp2(struct x86_emulate_ctxt *ctxt)
1220 {
1221 struct decode_cache *c = &ctxt->decode;
1222 switch (c->modrm_reg) {
1223 case 0: /* rol */
1224 emulate_2op_SrcB("rol", c->src, c->dst, ctxt->eflags);
1225 break;
1226 case 1: /* ror */
1227 emulate_2op_SrcB("ror", c->src, c->dst, ctxt->eflags);
1228 break;
1229 case 2: /* rcl */
1230 emulate_2op_SrcB("rcl", c->src, c->dst, ctxt->eflags);
1231 break;
1232 case 3: /* rcr */
1233 emulate_2op_SrcB("rcr", c->src, c->dst, ctxt->eflags);
1234 break;
1235 case 4: /* sal/shl */
1236 case 6: /* sal/shl */
1237 emulate_2op_SrcB("sal", c->src, c->dst, ctxt->eflags);
1238 break;
1239 case 5: /* shr */
1240 emulate_2op_SrcB("shr", c->src, c->dst, ctxt->eflags);
1241 break;
1242 case 7: /* sar */
1243 emulate_2op_SrcB("sar", c->src, c->dst, ctxt->eflags);
1244 break;
1245 }
1246 }
1247
1248 static inline int emulate_grp3(struct x86_emulate_ctxt *ctxt,
1249 struct x86_emulate_ops *ops)
1250 {
1251 struct decode_cache *c = &ctxt->decode;
1252 int rc = 0;
1253
1254 switch (c->modrm_reg) {
1255 case 0 ... 1: /* test */
1256 emulate_2op_SrcV("test", c->src, c->dst, ctxt->eflags);
1257 break;
1258 case 2: /* not */
1259 c->dst.val = ~c->dst.val;
1260 break;
1261 case 3: /* neg */
1262 emulate_1op("neg", c->dst, ctxt->eflags);
1263 break;
1264 default:
1265 DPRINTF("Cannot emulate %02x\n", c->b);
1266 rc = X86EMUL_UNHANDLEABLE;
1267 break;
1268 }
1269 return rc;
1270 }
1271
1272 static inline int emulate_grp45(struct x86_emulate_ctxt *ctxt,
1273 struct x86_emulate_ops *ops)
1274 {
1275 struct decode_cache *c = &ctxt->decode;
1276
1277 switch (c->modrm_reg) {
1278 case 0: /* inc */
1279 emulate_1op("inc", c->dst, ctxt->eflags);
1280 break;
1281 case 1: /* dec */
1282 emulate_1op("dec", c->dst, ctxt->eflags);
1283 break;
1284 case 2: /* call near abs */ {
1285 long int old_eip;
1286 old_eip = c->eip;
1287 c->eip = c->src.val;
1288 c->src.val = old_eip;
1289 emulate_push(ctxt);
1290 break;
1291 }
1292 case 4: /* jmp abs */
1293 c->eip = c->src.val;
1294 break;
1295 case 6: /* push */
1296 emulate_push(ctxt);
1297 break;
1298 }
1299 return 0;
1300 }
1301
1302 static inline int emulate_grp9(struct x86_emulate_ctxt *ctxt,
1303 struct x86_emulate_ops *ops,
1304 unsigned long memop)
1305 {
1306 struct decode_cache *c = &ctxt->decode;
1307 u64 old, new;
1308 int rc;
1309
1310 rc = ops->read_emulated(memop, &old, 8, ctxt->vcpu);
1311 if (rc != 0)
1312 return rc;
1313
1314 if (((u32) (old >> 0) != (u32) c->regs[VCPU_REGS_RAX]) ||
1315 ((u32) (old >> 32) != (u32) c->regs[VCPU_REGS_RDX])) {
1316
1317 c->regs[VCPU_REGS_RAX] = (u32) (old >> 0);
1318 c->regs[VCPU_REGS_RDX] = (u32) (old >> 32);
1319 ctxt->eflags &= ~EFLG_ZF;
1320
1321 } else {
1322 new = ((u64)c->regs[VCPU_REGS_RCX] << 32) |
1323 (u32) c->regs[VCPU_REGS_RBX];
1324
1325 rc = ops->cmpxchg_emulated(memop, &old, &new, 8, ctxt->vcpu);
1326 if (rc != 0)
1327 return rc;
1328 ctxt->eflags |= EFLG_ZF;
1329 }
1330 return 0;
1331 }
1332
1333 static int emulate_ret_far(struct x86_emulate_ctxt *ctxt,
1334 struct x86_emulate_ops *ops)
1335 {
1336 struct decode_cache *c = &ctxt->decode;
1337 int rc;
1338 unsigned long cs;
1339
1340 rc = emulate_pop(ctxt, ops, &c->eip, c->op_bytes);
1341 if (rc)
1342 return rc;
1343 if (c->op_bytes == 4)
1344 c->eip = (u32)c->eip;
1345 rc = emulate_pop(ctxt, ops, &cs, c->op_bytes);
1346 if (rc)
1347 return rc;
1348 rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)cs, 1, VCPU_SREG_CS);
1349 return rc;
1350 }
1351
1352 static inline int writeback(struct x86_emulate_ctxt *ctxt,
1353 struct x86_emulate_ops *ops)
1354 {
1355 int rc;
1356 struct decode_cache *c = &ctxt->decode;
1357
1358 switch (c->dst.type) {
1359 case OP_REG:
1360 /* The 4-byte case *is* correct:
1361 * in 64-bit mode we zero-extend.
1362 */
1363 switch (c->dst.bytes) {
1364 case 1:
1365 *(u8 *)c->dst.ptr = (u8)c->dst.val;
1366 break;
1367 case 2:
1368 *(u16 *)c->dst.ptr = (u16)c->dst.val;
1369 break;
1370 case 4:
1371 *c->dst.ptr = (u32)c->dst.val;
1372 break; /* 64b: zero-ext */
1373 case 8:
1374 *c->dst.ptr = c->dst.val;
1375 break;
1376 }
1377 break;
1378 case OP_MEM:
1379 if (c->lock_prefix)
1380 rc = ops->cmpxchg_emulated(
1381 (unsigned long)c->dst.ptr,
1382 &c->dst.orig_val,
1383 &c->dst.val,
1384 c->dst.bytes,
1385 ctxt->vcpu);
1386 else
1387 rc = ops->write_emulated(
1388 (unsigned long)c->dst.ptr,
1389 &c->dst.val,
1390 c->dst.bytes,
1391 ctxt->vcpu);
1392 if (rc != 0)
1393 return rc;
1394 break;
1395 case OP_NONE:
1396 /* no writeback */
1397 break;
1398 default:
1399 break;
1400 }
1401 return 0;
1402 }
1403
1404 static void toggle_interruptibility(struct x86_emulate_ctxt *ctxt, u32 mask)
1405 {
1406 u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(ctxt->vcpu, mask);
1407 /*
1408 * an sti; sti; sequence only disable interrupts for the first
1409 * instruction. So, if the last instruction, be it emulated or
1410 * not, left the system with the INT_STI flag enabled, it
1411 * means that the last instruction is an sti. We should not
1412 * leave the flag on in this case. The same goes for mov ss
1413 */
1414 if (!(int_shadow & mask))
1415 ctxt->interruptibility = mask;
1416 }
1417
1418 static inline void
1419 setup_syscalls_segments(struct x86_emulate_ctxt *ctxt,
1420 struct kvm_segment *cs, struct kvm_segment *ss)
1421 {
1422 memset(cs, 0, sizeof(struct kvm_segment));
1423 kvm_x86_ops->get_segment(ctxt->vcpu, cs, VCPU_SREG_CS);
1424 memset(ss, 0, sizeof(struct kvm_segment));
1425
1426 cs->l = 0; /* will be adjusted later */
1427 cs->base = 0; /* flat segment */
1428 cs->g = 1; /* 4kb granularity */
1429 cs->limit = 0xffffffff; /* 4GB limit */
1430 cs->type = 0x0b; /* Read, Execute, Accessed */
1431 cs->s = 1;
1432 cs->dpl = 0; /* will be adjusted later */
1433 cs->present = 1;
1434 cs->db = 1;
1435
1436 ss->unusable = 0;
1437 ss->base = 0; /* flat segment */
1438 ss->limit = 0xffffffff; /* 4GB limit */
1439 ss->g = 1; /* 4kb granularity */
1440 ss->s = 1;
1441 ss->type = 0x03; /* Read/Write, Accessed */
1442 ss->db = 1; /* 32bit stack segment */
1443 ss->dpl = 0;
1444 ss->present = 1;
1445 }
1446
1447 static int
1448 emulate_syscall(struct x86_emulate_ctxt *ctxt)
1449 {
1450 struct decode_cache *c = &ctxt->decode;
1451 struct kvm_segment cs, ss;
1452 u64 msr_data;
1453
1454 /* syscall is not available in real mode */
1455 if (c->lock_prefix || ctxt->mode == X86EMUL_MODE_REAL
1456 || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE))
1457 return -1;
1458
1459 setup_syscalls_segments(ctxt, &cs, &ss);
1460
1461 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data);
1462 msr_data >>= 32;
1463 cs.selector = (u16)(msr_data & 0xfffc);
1464 ss.selector = (u16)(msr_data + 8);
1465
1466 if (is_long_mode(ctxt->vcpu)) {
1467 cs.db = 0;
1468 cs.l = 1;
1469 }
1470 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1471 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1472
1473 c->regs[VCPU_REGS_RCX] = c->eip;
1474 if (is_long_mode(ctxt->vcpu)) {
1475 #ifdef CONFIG_X86_64
1476 c->regs[VCPU_REGS_R11] = ctxt->eflags & ~EFLG_RF;
1477
1478 kvm_x86_ops->get_msr(ctxt->vcpu,
1479 ctxt->mode == X86EMUL_MODE_PROT64 ?
1480 MSR_LSTAR : MSR_CSTAR, &msr_data);
1481 c->eip = msr_data;
1482
1483 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_SYSCALL_MASK, &msr_data);
1484 ctxt->eflags &= ~(msr_data | EFLG_RF);
1485 #endif
1486 } else {
1487 /* legacy mode */
1488 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data);
1489 c->eip = (u32)msr_data;
1490
1491 ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
1492 }
1493
1494 return 0;
1495 }
1496
1497 static int
1498 emulate_sysenter(struct x86_emulate_ctxt *ctxt)
1499 {
1500 struct decode_cache *c = &ctxt->decode;
1501 struct kvm_segment cs, ss;
1502 u64 msr_data;
1503
1504 /* inject #UD if LOCK prefix is used */
1505 if (c->lock_prefix)
1506 return -1;
1507
1508 /* inject #GP if in real mode or paging is disabled */
1509 if (ctxt->mode == X86EMUL_MODE_REAL ||
1510 !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) {
1511 kvm_inject_gp(ctxt->vcpu, 0);
1512 return -1;
1513 }
1514
1515 /* XXX sysenter/sysexit have not been tested in 64bit mode.
1516 * Therefore, we inject an #UD.
1517 */
1518 if (ctxt->mode == X86EMUL_MODE_PROT64)
1519 return -1;
1520
1521 setup_syscalls_segments(ctxt, &cs, &ss);
1522
1523 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_CS, &msr_data);
1524 switch (ctxt->mode) {
1525 case X86EMUL_MODE_PROT32:
1526 if ((msr_data & 0xfffc) == 0x0) {
1527 kvm_inject_gp(ctxt->vcpu, 0);
1528 return -1;
1529 }
1530 break;
1531 case X86EMUL_MODE_PROT64:
1532 if (msr_data == 0x0) {
1533 kvm_inject_gp(ctxt->vcpu, 0);
1534 return -1;
1535 }
1536 break;
1537 }
1538
1539 ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
1540 cs.selector = (u16)msr_data;
1541 cs.selector &= ~SELECTOR_RPL_MASK;
1542 ss.selector = cs.selector + 8;
1543 ss.selector &= ~SELECTOR_RPL_MASK;
1544 if (ctxt->mode == X86EMUL_MODE_PROT64
1545 || is_long_mode(ctxt->vcpu)) {
1546 cs.db = 0;
1547 cs.l = 1;
1548 }
1549
1550 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1551 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1552
1553 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_EIP, &msr_data);
1554 c->eip = msr_data;
1555
1556 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_ESP, &msr_data);
1557 c->regs[VCPU_REGS_RSP] = msr_data;
1558
1559 return 0;
1560 }
1561
1562 static int
1563 emulate_sysexit(struct x86_emulate_ctxt *ctxt)
1564 {
1565 struct decode_cache *c = &ctxt->decode;
1566 struct kvm_segment cs, ss;
1567 u64 msr_data;
1568 int usermode;
1569
1570 /* inject #UD if LOCK prefix is used */
1571 if (c->lock_prefix)
1572 return -1;
1573
1574 /* inject #GP if in real mode or paging is disabled */
1575 if (ctxt->mode == X86EMUL_MODE_REAL
1576 || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) {
1577 kvm_inject_gp(ctxt->vcpu, 0);
1578 return -1;
1579 }
1580
1581 setup_syscalls_segments(ctxt, &cs, &ss);
1582
1583 if ((c->rex_prefix & 0x8) != 0x0)
1584 usermode = X86EMUL_MODE_PROT64;
1585 else
1586 usermode = X86EMUL_MODE_PROT32;
1587
1588 cs.dpl = 3;
1589 ss.dpl = 3;
1590 kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_CS, &msr_data);
1591 switch (usermode) {
1592 case X86EMUL_MODE_PROT32:
1593 cs.selector = (u16)(msr_data + 16);
1594 if ((msr_data & 0xfffc) == 0x0) {
1595 kvm_inject_gp(ctxt->vcpu, 0);
1596 return -1;
1597 }
1598 ss.selector = (u16)(msr_data + 24);
1599 break;
1600 case X86EMUL_MODE_PROT64:
1601 cs.selector = (u16)(msr_data + 32);
1602 if (msr_data == 0x0) {
1603 kvm_inject_gp(ctxt->vcpu, 0);
1604 return -1;
1605 }
1606 ss.selector = cs.selector + 8;
1607 cs.db = 0;
1608 cs.l = 1;
1609 break;
1610 }
1611 cs.selector |= SELECTOR_RPL_MASK;
1612 ss.selector |= SELECTOR_RPL_MASK;
1613
1614 kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS);
1615 kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS);
1616
1617 c->eip = ctxt->vcpu->arch.regs[VCPU_REGS_RDX];
1618 c->regs[VCPU_REGS_RSP] = ctxt->vcpu->arch.regs[VCPU_REGS_RCX];
1619
1620 return 0;
1621 }
1622
1623 int
1624 x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
1625 {
1626 unsigned long memop = 0;
1627 u64 msr_data;
1628 unsigned long saved_eip = 0;
1629 struct decode_cache *c = &ctxt->decode;
1630 unsigned int port;
1631 int io_dir_in;
1632 int rc = 0;
1633
1634 ctxt->interruptibility = 0;
1635
1636 /* Shadow copy of register state. Committed on successful emulation.
1637 * NOTE: we can copy them from vcpu as x86_decode_insn() doesn't
1638 * modify them.
1639 */
1640
1641 memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
1642 saved_eip = c->eip;
1643
1644 /* Privileged instruction can be executed only in CPL=0 */
1645 if ((c->d & Priv) && kvm_x86_ops->get_cpl(ctxt->vcpu)) {
1646 kvm_inject_gp(ctxt->vcpu, 0);
1647 goto done;
1648 }
1649
1650 if (((c->d & ModRM) && (c->modrm_mod != 3)) || (c->d & MemAbs))
1651 memop = c->modrm_ea;
1652
1653 if (c->rep_prefix && (c->d & String)) {
1654 /* All REP prefixes have the same first termination condition */
1655 if (c->regs[VCPU_REGS_RCX] == 0) {
1656 kvm_rip_write(ctxt->vcpu, c->eip);
1657 goto done;
1658 }
1659 /* The second termination condition only applies for REPE
1660 * and REPNE. Test if the repeat string operation prefix is
1661 * REPE/REPZ or REPNE/REPNZ and if it's the case it tests the
1662 * corresponding termination condition according to:
1663 * - if REPE/REPZ and ZF = 0 then done
1664 * - if REPNE/REPNZ and ZF = 1 then done
1665 */
1666 if ((c->b == 0xa6) || (c->b == 0xa7) ||
1667 (c->b == 0xae) || (c->b == 0xaf)) {
1668 if ((c->rep_prefix == REPE_PREFIX) &&
1669 ((ctxt->eflags & EFLG_ZF) == 0)) {
1670 kvm_rip_write(ctxt->vcpu, c->eip);
1671 goto done;
1672 }
1673 if ((c->rep_prefix == REPNE_PREFIX) &&
1674 ((ctxt->eflags & EFLG_ZF) == EFLG_ZF)) {
1675 kvm_rip_write(ctxt->vcpu, c->eip);
1676 goto done;
1677 }
1678 }
1679 c->regs[VCPU_REGS_RCX]--;
1680 c->eip = kvm_rip_read(ctxt->vcpu);
1681 }
1682
1683 if (c->src.type == OP_MEM) {
1684 c->src.ptr = (unsigned long *)memop;
1685 c->src.val = 0;
1686 rc = ops->read_emulated((unsigned long)c->src.ptr,
1687 &c->src.val,
1688 c->src.bytes,
1689 ctxt->vcpu);
1690 if (rc != 0)
1691 goto done;
1692 c->src.orig_val = c->src.val;
1693 }
1694
1695 if ((c->d & DstMask) == ImplicitOps)
1696 goto special_insn;
1697
1698
1699 if (c->dst.type == OP_MEM) {
1700 c->dst.ptr = (unsigned long *)memop;
1701 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1702 c->dst.val = 0;
1703 if (c->d & BitOp) {
1704 unsigned long mask = ~(c->dst.bytes * 8 - 1);
1705
1706 c->dst.ptr = (void *)c->dst.ptr +
1707 (c->src.val & mask) / 8;
1708 }
1709 if (!(c->d & Mov) &&
1710 /* optimisation - avoid slow emulated read */
1711 ((rc = ops->read_emulated((unsigned long)c->dst.ptr,
1712 &c->dst.val,
1713 c->dst.bytes, ctxt->vcpu)) != 0))
1714 goto done;
1715 }
1716 c->dst.orig_val = c->dst.val;
1717
1718 special_insn:
1719
1720 if (c->twobyte)
1721 goto twobyte_insn;
1722
1723 switch (c->b) {
1724 case 0x00 ... 0x05:
1725 add: /* add */
1726 emulate_2op_SrcV("add", c->src, c->dst, ctxt->eflags);
1727 break;
1728 case 0x08 ... 0x0d:
1729 or: /* or */
1730 emulate_2op_SrcV("or", c->src, c->dst, ctxt->eflags);
1731 break;
1732 case 0x10 ... 0x15:
1733 adc: /* adc */
1734 emulate_2op_SrcV("adc", c->src, c->dst, ctxt->eflags);
1735 break;
1736 case 0x18 ... 0x1d:
1737 sbb: /* sbb */
1738 emulate_2op_SrcV("sbb", c->src, c->dst, ctxt->eflags);
1739 break;
1740 case 0x20 ... 0x25:
1741 and: /* and */
1742 emulate_2op_SrcV("and", c->src, c->dst, ctxt->eflags);
1743 break;
1744 case 0x28 ... 0x2d:
1745 sub: /* sub */
1746 emulate_2op_SrcV("sub", c->src, c->dst, ctxt->eflags);
1747 break;
1748 case 0x30 ... 0x35:
1749 xor: /* xor */
1750 emulate_2op_SrcV("xor", c->src, c->dst, ctxt->eflags);
1751 break;
1752 case 0x38 ... 0x3d:
1753 cmp: /* cmp */
1754 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
1755 break;
1756 case 0x40 ... 0x47: /* inc r16/r32 */
1757 emulate_1op("inc", c->dst, ctxt->eflags);
1758 break;
1759 case 0x48 ... 0x4f: /* dec r16/r32 */
1760 emulate_1op("dec", c->dst, ctxt->eflags);
1761 break;
1762 case 0x50 ... 0x57: /* push reg */
1763 emulate_push(ctxt);
1764 break;
1765 case 0x58 ... 0x5f: /* pop reg */
1766 pop_instruction:
1767 rc = emulate_pop(ctxt, ops, &c->dst.val, c->op_bytes);
1768 if (rc != 0)
1769 goto done;
1770 break;
1771 case 0x63: /* movsxd */
1772 if (ctxt->mode != X86EMUL_MODE_PROT64)
1773 goto cannot_emulate;
1774 c->dst.val = (s32) c->src.val;
1775 break;
1776 case 0x68: /* push imm */
1777 case 0x6a: /* push imm8 */
1778 emulate_push(ctxt);
1779 break;
1780 case 0x6c: /* insb */
1781 case 0x6d: /* insw/insd */
1782 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
1783 1,
1784 (c->d & ByteOp) ? 1 : c->op_bytes,
1785 c->rep_prefix ?
1786 address_mask(c, c->regs[VCPU_REGS_RCX]) : 1,
1787 (ctxt->eflags & EFLG_DF),
1788 register_address(c, es_base(ctxt),
1789 c->regs[VCPU_REGS_RDI]),
1790 c->rep_prefix,
1791 c->regs[VCPU_REGS_RDX]) == 0) {
1792 c->eip = saved_eip;
1793 return -1;
1794 }
1795 return 0;
1796 case 0x6e: /* outsb */
1797 case 0x6f: /* outsw/outsd */
1798 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
1799 0,
1800 (c->d & ByteOp) ? 1 : c->op_bytes,
1801 c->rep_prefix ?
1802 address_mask(c, c->regs[VCPU_REGS_RCX]) : 1,
1803 (ctxt->eflags & EFLG_DF),
1804 register_address(c,
1805 seg_override_base(ctxt, c),
1806 c->regs[VCPU_REGS_RSI]),
1807 c->rep_prefix,
1808 c->regs[VCPU_REGS_RDX]) == 0) {
1809 c->eip = saved_eip;
1810 return -1;
1811 }
1812 return 0;
1813 case 0x70 ... 0x7f: /* jcc (short) */
1814 if (test_cc(c->b, ctxt->eflags))
1815 jmp_rel(c, c->src.val);
1816 break;
1817 case 0x80 ... 0x83: /* Grp1 */
1818 switch (c->modrm_reg) {
1819 case 0:
1820 goto add;
1821 case 1:
1822 goto or;
1823 case 2:
1824 goto adc;
1825 case 3:
1826 goto sbb;
1827 case 4:
1828 goto and;
1829 case 5:
1830 goto sub;
1831 case 6:
1832 goto xor;
1833 case 7:
1834 goto cmp;
1835 }
1836 break;
1837 case 0x84 ... 0x85:
1838 emulate_2op_SrcV("test", c->src, c->dst, ctxt->eflags);
1839 break;
1840 case 0x86 ... 0x87: /* xchg */
1841 xchg:
1842 /* Write back the register source. */
1843 switch (c->dst.bytes) {
1844 case 1:
1845 *(u8 *) c->src.ptr = (u8) c->dst.val;
1846 break;
1847 case 2:
1848 *(u16 *) c->src.ptr = (u16) c->dst.val;
1849 break;
1850 case 4:
1851 *c->src.ptr = (u32) c->dst.val;
1852 break; /* 64b reg: zero-extend */
1853 case 8:
1854 *c->src.ptr = c->dst.val;
1855 break;
1856 }
1857 /*
1858 * Write back the memory destination with implicit LOCK
1859 * prefix.
1860 */
1861 c->dst.val = c->src.val;
1862 c->lock_prefix = 1;
1863 break;
1864 case 0x88 ... 0x8b: /* mov */
1865 goto mov;
1866 case 0x8c: { /* mov r/m, sreg */
1867 struct kvm_segment segreg;
1868
1869 if (c->modrm_reg <= 5)
1870 kvm_get_segment(ctxt->vcpu, &segreg, c->modrm_reg);
1871 else {
1872 printk(KERN_INFO "0x8c: Invalid segreg in modrm byte 0x%02x\n",
1873 c->modrm);
1874 goto cannot_emulate;
1875 }
1876 c->dst.val = segreg.selector;
1877 break;
1878 }
1879 case 0x8d: /* lea r16/r32, m */
1880 c->dst.val = c->modrm_ea;
1881 break;
1882 case 0x8e: { /* mov seg, r/m16 */
1883 uint16_t sel;
1884 int type_bits;
1885 int err;
1886
1887 sel = c->src.val;
1888
1889 if (c->modrm_reg == VCPU_SREG_CS) {
1890 kvm_queue_exception(ctxt->vcpu, UD_VECTOR);
1891 goto done;
1892 }
1893
1894 if (c->modrm_reg == VCPU_SREG_SS)
1895 toggle_interruptibility(ctxt, X86_SHADOW_INT_MOV_SS);
1896
1897 if (c->modrm_reg <= 5) {
1898 type_bits = (c->modrm_reg == 1) ? 9 : 1;
1899 err = kvm_load_segment_descriptor(ctxt->vcpu, sel,
1900 type_bits, c->modrm_reg);
1901 } else {
1902 printk(KERN_INFO "Invalid segreg in modrm byte 0x%02x\n",
1903 c->modrm);
1904 goto cannot_emulate;
1905 }
1906
1907 if (err < 0)
1908 goto cannot_emulate;
1909
1910 c->dst.type = OP_NONE; /* Disable writeback. */
1911 break;
1912 }
1913 case 0x8f: /* pop (sole member of Grp1a) */
1914 rc = emulate_grp1a(ctxt, ops);
1915 if (rc != 0)
1916 goto done;
1917 break;
1918 case 0x90: /* nop / xchg r8,rax */
1919 if (!(c->rex_prefix & 1)) { /* nop */
1920 c->dst.type = OP_NONE;
1921 break;
1922 }
1923 case 0x91 ... 0x97: /* xchg reg,rax */
1924 c->src.type = c->dst.type = OP_REG;
1925 c->src.bytes = c->dst.bytes = c->op_bytes;
1926 c->src.ptr = (unsigned long *) &c->regs[VCPU_REGS_RAX];
1927 c->src.val = *(c->src.ptr);
1928 goto xchg;
1929 case 0x9c: /* pushf */
1930 c->src.val = (unsigned long) ctxt->eflags;
1931 emulate_push(ctxt);
1932 break;
1933 case 0x9d: /* popf */
1934 c->dst.type = OP_REG;
1935 c->dst.ptr = (unsigned long *) &ctxt->eflags;
1936 c->dst.bytes = c->op_bytes;
1937 goto pop_instruction;
1938 case 0xa0 ... 0xa1: /* mov */
1939 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
1940 c->dst.val = c->src.val;
1941 break;
1942 case 0xa2 ... 0xa3: /* mov */
1943 c->dst.val = (unsigned long)c->regs[VCPU_REGS_RAX];
1944 break;
1945 case 0xa4 ... 0xa5: /* movs */
1946 c->dst.type = OP_MEM;
1947 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1948 c->dst.ptr = (unsigned long *)register_address(c,
1949 es_base(ctxt),
1950 c->regs[VCPU_REGS_RDI]);
1951 if ((rc = ops->read_emulated(register_address(c,
1952 seg_override_base(ctxt, c),
1953 c->regs[VCPU_REGS_RSI]),
1954 &c->dst.val,
1955 c->dst.bytes, ctxt->vcpu)) != 0)
1956 goto done;
1957 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
1958 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1959 : c->dst.bytes);
1960 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
1961 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1962 : c->dst.bytes);
1963 break;
1964 case 0xa6 ... 0xa7: /* cmps */
1965 c->src.type = OP_NONE; /* Disable writeback. */
1966 c->src.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1967 c->src.ptr = (unsigned long *)register_address(c,
1968 seg_override_base(ctxt, c),
1969 c->regs[VCPU_REGS_RSI]);
1970 if ((rc = ops->read_emulated((unsigned long)c->src.ptr,
1971 &c->src.val,
1972 c->src.bytes,
1973 ctxt->vcpu)) != 0)
1974 goto done;
1975
1976 c->dst.type = OP_NONE; /* Disable writeback. */
1977 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
1978 c->dst.ptr = (unsigned long *)register_address(c,
1979 es_base(ctxt),
1980 c->regs[VCPU_REGS_RDI]);
1981 if ((rc = ops->read_emulated((unsigned long)c->dst.ptr,
1982 &c->dst.val,
1983 c->dst.bytes,
1984 ctxt->vcpu)) != 0)
1985 goto done;
1986
1987 DPRINTF("cmps: mem1=0x%p mem2=0x%p\n", c->src.ptr, c->dst.ptr);
1988
1989 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
1990
1991 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
1992 (ctxt->eflags & EFLG_DF) ? -c->src.bytes
1993 : c->src.bytes);
1994 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
1995 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
1996 : c->dst.bytes);
1997
1998 break;
1999 case 0xaa ... 0xab: /* stos */
2000 c->dst.type = OP_MEM;
2001 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
2002 c->dst.ptr = (unsigned long *)register_address(c,
2003 es_base(ctxt),
2004 c->regs[VCPU_REGS_RDI]);
2005 c->dst.val = c->regs[VCPU_REGS_RAX];
2006 register_address_increment(c, &c->regs[VCPU_REGS_RDI],
2007 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
2008 : c->dst.bytes);
2009 break;
2010 case 0xac ... 0xad: /* lods */
2011 c->dst.type = OP_REG;
2012 c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
2013 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
2014 if ((rc = ops->read_emulated(register_address(c,
2015 seg_override_base(ctxt, c),
2016 c->regs[VCPU_REGS_RSI]),
2017 &c->dst.val,
2018 c->dst.bytes,
2019 ctxt->vcpu)) != 0)
2020 goto done;
2021 register_address_increment(c, &c->regs[VCPU_REGS_RSI],
2022 (ctxt->eflags & EFLG_DF) ? -c->dst.bytes
2023 : c->dst.bytes);
2024 break;
2025 case 0xae ... 0xaf: /* scas */
2026 DPRINTF("Urk! I don't handle SCAS.\n");
2027 goto cannot_emulate;
2028 case 0xb0 ... 0xbf: /* mov r, imm */
2029 goto mov;
2030 case 0xc0 ... 0xc1:
2031 emulate_grp2(ctxt);
2032 break;
2033 case 0xc3: /* ret */
2034 c->dst.type = OP_REG;
2035 c->dst.ptr = &c->eip;
2036 c->dst.bytes = c->op_bytes;
2037 goto pop_instruction;
2038 case 0xc6 ... 0xc7: /* mov (sole member of Grp11) */
2039 mov:
2040 c->dst.val = c->src.val;
2041 break;
2042 case 0xcb: /* ret far */
2043 rc = emulate_ret_far(ctxt, ops);
2044 if (rc)
2045 goto done;
2046 break;
2047 case 0xd0 ... 0xd1: /* Grp2 */
2048 c->src.val = 1;
2049 emulate_grp2(ctxt);
2050 break;
2051 case 0xd2 ... 0xd3: /* Grp2 */
2052 c->src.val = c->regs[VCPU_REGS_RCX];
2053 emulate_grp2(ctxt);
2054 break;
2055 case 0xe4: /* inb */
2056 case 0xe5: /* in */
2057 port = c->src.val;
2058 io_dir_in = 1;
2059 goto do_io;
2060 case 0xe6: /* outb */
2061 case 0xe7: /* out */
2062 port = c->src.val;
2063 io_dir_in = 0;
2064 goto do_io;
2065 case 0xe8: /* call (near) */ {
2066 long int rel = c->src.val;
2067 c->src.val = (unsigned long) c->eip;
2068 jmp_rel(c, rel);
2069 emulate_push(ctxt);
2070 break;
2071 }
2072 case 0xe9: /* jmp rel */
2073 goto jmp;
2074 case 0xea: /* jmp far */
2075 if (kvm_load_segment_descriptor(ctxt->vcpu, c->src2.val, 9,
2076 VCPU_SREG_CS) < 0) {
2077 DPRINTF("jmp far: Failed to load CS descriptor\n");
2078 goto cannot_emulate;
2079 }
2080
2081 c->eip = c->src.val;
2082 break;
2083 case 0xeb:
2084 jmp: /* jmp rel short */
2085 jmp_rel(c, c->src.val);
2086 c->dst.type = OP_NONE; /* Disable writeback. */
2087 break;
2088 case 0xec: /* in al,dx */
2089 case 0xed: /* in (e/r)ax,dx */
2090 port = c->regs[VCPU_REGS_RDX];
2091 io_dir_in = 1;
2092 goto do_io;
2093 case 0xee: /* out al,dx */
2094 case 0xef: /* out (e/r)ax,dx */
2095 port = c->regs[VCPU_REGS_RDX];
2096 io_dir_in = 0;
2097 do_io: if (kvm_emulate_pio(ctxt->vcpu, NULL, io_dir_in,
2098 (c->d & ByteOp) ? 1 : c->op_bytes,
2099 port) != 0) {
2100 c->eip = saved_eip;
2101 goto cannot_emulate;
2102 }
2103 break;
2104 case 0xf4: /* hlt */
2105 ctxt->vcpu->arch.halt_request = 1;
2106 break;
2107 case 0xf5: /* cmc */
2108 /* complement carry flag from eflags reg */
2109 ctxt->eflags ^= EFLG_CF;
2110 c->dst.type = OP_NONE; /* Disable writeback. */
2111 break;
2112 case 0xf6 ... 0xf7: /* Grp3 */
2113 rc = emulate_grp3(ctxt, ops);
2114 if (rc != 0)
2115 goto done;
2116 break;
2117 case 0xf8: /* clc */
2118 ctxt->eflags &= ~EFLG_CF;
2119 c->dst.type = OP_NONE; /* Disable writeback. */
2120 break;
2121 case 0xfa: /* cli */
2122 ctxt->eflags &= ~X86_EFLAGS_IF;
2123 c->dst.type = OP_NONE; /* Disable writeback. */
2124 break;
2125 case 0xfb: /* sti */
2126 toggle_interruptibility(ctxt, X86_SHADOW_INT_STI);
2127 ctxt->eflags |= X86_EFLAGS_IF;
2128 c->dst.type = OP_NONE; /* Disable writeback. */
2129 break;
2130 case 0xfc: /* cld */
2131 ctxt->eflags &= ~EFLG_DF;
2132 c->dst.type = OP_NONE; /* Disable writeback. */
2133 break;
2134 case 0xfd: /* std */
2135 ctxt->eflags |= EFLG_DF;
2136 c->dst.type = OP_NONE; /* Disable writeback. */
2137 break;
2138 case 0xfe ... 0xff: /* Grp4/Grp5 */
2139 rc = emulate_grp45(ctxt, ops);
2140 if (rc != 0)
2141 goto done;
2142 break;
2143 }
2144
2145 writeback:
2146 rc = writeback(ctxt, ops);
2147 if (rc != 0)
2148 goto done;
2149
2150 /* Commit shadow register state. */
2151 memcpy(ctxt->vcpu->arch.regs, c->regs, sizeof c->regs);
2152 kvm_rip_write(ctxt->vcpu, c->eip);
2153
2154 done:
2155 if (rc == X86EMUL_UNHANDLEABLE) {
2156 c->eip = saved_eip;
2157 return -1;
2158 }
2159 return 0;
2160
2161 twobyte_insn:
2162 switch (c->b) {
2163 case 0x01: /* lgdt, lidt, lmsw */
2164 switch (c->modrm_reg) {
2165 u16 size;
2166 unsigned long address;
2167
2168 case 0: /* vmcall */
2169 if (c->modrm_mod != 3 || c->modrm_rm != 1)
2170 goto cannot_emulate;
2171
2172 rc = kvm_fix_hypercall(ctxt->vcpu);
2173 if (rc)
2174 goto done;
2175
2176 /* Let the processor re-execute the fixed hypercall */
2177 c->eip = kvm_rip_read(ctxt->vcpu);
2178 /* Disable writeback. */
2179 c->dst.type = OP_NONE;
2180 break;
2181 case 2: /* lgdt */
2182 rc = read_descriptor(ctxt, ops, c->src.ptr,
2183 &size, &address, c->op_bytes);
2184 if (rc)
2185 goto done;
2186 realmode_lgdt(ctxt->vcpu, size, address);
2187 /* Disable writeback. */
2188 c->dst.type = OP_NONE;
2189 break;
2190 case 3: /* lidt/vmmcall */
2191 if (c->modrm_mod == 3) {
2192 switch (c->modrm_rm) {
2193 case 1:
2194 rc = kvm_fix_hypercall(ctxt->vcpu);
2195 if (rc)
2196 goto done;
2197 break;
2198 default:
2199 goto cannot_emulate;
2200 }
2201 } else {
2202 rc = read_descriptor(ctxt, ops, c->src.ptr,
2203 &size, &address,
2204 c->op_bytes);
2205 if (rc)
2206 goto done;
2207 realmode_lidt(ctxt->vcpu, size, address);
2208 }
2209 /* Disable writeback. */
2210 c->dst.type = OP_NONE;
2211 break;
2212 case 4: /* smsw */
2213 c->dst.bytes = 2;
2214 c->dst.val = realmode_get_cr(ctxt->vcpu, 0);
2215 break;
2216 case 6: /* lmsw */
2217 realmode_lmsw(ctxt->vcpu, (u16)c->src.val,
2218 &ctxt->eflags);
2219 c->dst.type = OP_NONE;
2220 break;
2221 case 7: /* invlpg*/
2222 emulate_invlpg(ctxt->vcpu, memop);
2223 /* Disable writeback. */
2224 c->dst.type = OP_NONE;
2225 break;
2226 default:
2227 goto cannot_emulate;
2228 }
2229 break;
2230 case 0x05: /* syscall */
2231 if (emulate_syscall(ctxt) == -1)
2232 goto cannot_emulate;
2233 else
2234 goto writeback;
2235 break;
2236 case 0x06:
2237 emulate_clts(ctxt->vcpu);
2238 c->dst.type = OP_NONE;
2239 break;
2240 case 0x08: /* invd */
2241 case 0x09: /* wbinvd */
2242 case 0x0d: /* GrpP (prefetch) */
2243 case 0x18: /* Grp16 (prefetch/nop) */
2244 c->dst.type = OP_NONE;
2245 break;
2246 case 0x20: /* mov cr, reg */
2247 if (c->modrm_mod != 3)
2248 goto cannot_emulate;
2249 c->regs[c->modrm_rm] =
2250 realmode_get_cr(ctxt->vcpu, c->modrm_reg);
2251 c->dst.type = OP_NONE; /* no writeback */
2252 break;
2253 case 0x21: /* mov from dr to reg */
2254 if (c->modrm_mod != 3)
2255 goto cannot_emulate;
2256 rc = emulator_get_dr(ctxt, c->modrm_reg, &c->regs[c->modrm_rm]);
2257 if (rc)
2258 goto cannot_emulate;
2259 c->dst.type = OP_NONE; /* no writeback */
2260 break;
2261 case 0x22: /* mov reg, cr */
2262 if (c->modrm_mod != 3)
2263 goto cannot_emulate;
2264 realmode_set_cr(ctxt->vcpu,
2265 c->modrm_reg, c->modrm_val, &ctxt->eflags);
2266 c->dst.type = OP_NONE;
2267 break;
2268 case 0x23: /* mov from reg to dr */
2269 if (c->modrm_mod != 3)
2270 goto cannot_emulate;
2271 rc = emulator_set_dr(ctxt, c->modrm_reg,
2272 c->regs[c->modrm_rm]);
2273 if (rc)
2274 goto cannot_emulate;
2275 c->dst.type = OP_NONE; /* no writeback */
2276 break;
2277 case 0x30:
2278 /* wrmsr */
2279 msr_data = (u32)c->regs[VCPU_REGS_RAX]
2280 | ((u64)c->regs[VCPU_REGS_RDX] << 32);
2281 rc = kvm_set_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], msr_data);
2282 if (rc) {
2283 kvm_inject_gp(ctxt->vcpu, 0);
2284 c->eip = kvm_rip_read(ctxt->vcpu);
2285 }
2286 rc = X86EMUL_CONTINUE;
2287 c->dst.type = OP_NONE;
2288 break;
2289 case 0x32:
2290 /* rdmsr */
2291 rc = kvm_get_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], &msr_data);
2292 if (rc) {
2293 kvm_inject_gp(ctxt->vcpu, 0);
2294 c->eip = kvm_rip_read(ctxt->vcpu);
2295 } else {
2296 c->regs[VCPU_REGS_RAX] = (u32)msr_data;
2297 c->regs[VCPU_REGS_RDX] = msr_data >> 32;
2298 }
2299 rc = X86EMUL_CONTINUE;
2300 c->dst.type = OP_NONE;
2301 break;
2302 case 0x34: /* sysenter */
2303 if (emulate_sysenter(ctxt) == -1)
2304 goto cannot_emulate;
2305 else
2306 goto writeback;
2307 break;
2308 case 0x35: /* sysexit */
2309 if (emulate_sysexit(ctxt) == -1)
2310 goto cannot_emulate;
2311 else
2312 goto writeback;
2313 break;
2314 case 0x40 ... 0x4f: /* cmov */
2315 c->dst.val = c->dst.orig_val = c->src.val;
2316 if (!test_cc(c->b, ctxt->eflags))
2317 c->dst.type = OP_NONE; /* no writeback */
2318 break;
2319 case 0x80 ... 0x8f: /* jnz rel, etc*/
2320 if (test_cc(c->b, ctxt->eflags))
2321 jmp_rel(c, c->src.val);
2322 c->dst.type = OP_NONE;
2323 break;
2324 case 0xa3:
2325 bt: /* bt */
2326 c->dst.type = OP_NONE;
2327 /* only subword offset */
2328 c->src.val &= (c->dst.bytes << 3) - 1;
2329 emulate_2op_SrcV_nobyte("bt", c->src, c->dst, ctxt->eflags);
2330 break;
2331 case 0xa4: /* shld imm8, r, r/m */
2332 case 0xa5: /* shld cl, r, r/m */
2333 emulate_2op_cl("shld", c->src2, c->src, c->dst, ctxt->eflags);
2334 break;
2335 case 0xab:
2336 bts: /* bts */
2337 /* only subword offset */
2338 c->src.val &= (c->dst.bytes << 3) - 1;
2339 emulate_2op_SrcV_nobyte("bts", c->src, c->dst, ctxt->eflags);
2340 break;
2341 case 0xac: /* shrd imm8, r, r/m */
2342 case 0xad: /* shrd cl, r, r/m */
2343 emulate_2op_cl("shrd", c->src2, c->src, c->dst, ctxt->eflags);
2344 break;
2345 case 0xae: /* clflush */
2346 break;
2347 case 0xb0 ... 0xb1: /* cmpxchg */
2348 /*
2349 * Save real source value, then compare EAX against
2350 * destination.
2351 */
2352 c->src.orig_val = c->src.val;
2353 c->src.val = c->regs[VCPU_REGS_RAX];
2354 emulate_2op_SrcV("cmp", c->src, c->dst, ctxt->eflags);
2355 if (ctxt->eflags & EFLG_ZF) {
2356 /* Success: write back to memory. */
2357 c->dst.val = c->src.orig_val;
2358 } else {
2359 /* Failure: write the value we saw to EAX. */
2360 c->dst.type = OP_REG;
2361 c->dst.ptr = (unsigned long *)&c->regs[VCPU_REGS_RAX];
2362 }
2363 break;
2364 case 0xb3:
2365 btr: /* btr */
2366 /* only subword offset */
2367 c->src.val &= (c->dst.bytes << 3) - 1;
2368 emulate_2op_SrcV_nobyte("btr", c->src, c->dst, ctxt->eflags);
2369 break;
2370 case 0xb6 ... 0xb7: /* movzx */
2371 c->dst.bytes = c->op_bytes;
2372 c->dst.val = (c->d & ByteOp) ? (u8) c->src.val
2373 : (u16) c->src.val;
2374 break;
2375 case 0xba: /* Grp8 */
2376 switch (c->modrm_reg & 3) {
2377 case 0:
2378 goto bt;
2379 case 1:
2380 goto bts;
2381 case 2:
2382 goto btr;
2383 case 3:
2384 goto btc;
2385 }
2386 break;
2387 case 0xbb:
2388 btc: /* btc */
2389 /* only subword offset */
2390 c->src.val &= (c->dst.bytes << 3) - 1;
2391 emulate_2op_SrcV_nobyte("btc", c->src, c->dst, ctxt->eflags);
2392 break;
2393 case 0xbe ... 0xbf: /* movsx */
2394 c->dst.bytes = c->op_bytes;
2395 c->dst.val = (c->d & ByteOp) ? (s8) c->src.val :
2396 (s16) c->src.val;
2397 break;
2398 case 0xc3: /* movnti */
2399 c->dst.bytes = c->op_bytes;
2400 c->dst.val = (c->op_bytes == 4) ? (u32) c->src.val :
2401 (u64) c->src.val;
2402 break;
2403 case 0xc7: /* Grp9 (cmpxchg8b) */
2404 rc = emulate_grp9(ctxt, ops, memop);
2405 if (rc != 0)
2406 goto done;
2407 c->dst.type = OP_NONE;
2408 break;
2409 }
2410 goto writeback;
2411
2412 cannot_emulate:
2413 DPRINTF("Cannot emulate %02x\n", c->b);
2414 c->eip = saved_eip;
2415 return -1;
2416 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree