From 6bd995864567864867513295c02b3050691d30af Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:53 -0500 Subject: [PATCH 01/50] target/i386: Split out gen_exception_gpf Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-2-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 68 ++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index db56a483435d..2672e08197b2 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -1276,6 +1276,12 @@ static void gen_illegal_opcode(DisasContext *s) gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); } +/* Generate #GP for the current instruction. */ +static void gen_exception_gpf(DisasContext *s) +{ + gen_exception(s, EXCP0D_GPF, s->pc_start - s->cs_base); +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, MemOp ot, int d) { @@ -4502,7 +4508,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) s->vex_l = 0; s->vex_v = 0; if (sigsetjmp(s->jmpbuf, 0) != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); return s->pc; } @@ -6567,7 +6573,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) set_cc_op(s, CC_OP_EFLAGS); } else if (s->vm86) { if (s->iopl != 3) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); set_cc_op(s, CC_OP_EFLAGS); @@ -6689,7 +6695,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x9c: /* pushf */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF); if (s->vm86 && s->iopl != 3) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_update_cc_op(s); gen_helper_read_eflags(s->T0, cpu_env); @@ -6699,7 +6705,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x9d: /* popf */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF); if (s->vm86 && s->iopl != 3) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { ot = gen_pop_T0(s); if (s->cpl == 0) { @@ -7061,7 +7067,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xcd: /* int N */ val = x86_ldub_code(env, s); if (s->vm86 && s->iopl != 3) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base); } @@ -7084,13 +7090,13 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (s->cpl <= s->iopl) { gen_helper_cli(cpu_env); } else { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } } else { if (s->iopl == 3) { gen_helper_cli(cpu_env); } else { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } } break; @@ -7101,7 +7107,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_jmp_im(s, s->pc - s->cs_base); gen_eob_inhibit_irq(s, true); } else { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } break; case 0x62: /* bound */ @@ -7194,7 +7200,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x130: /* wrmsr */ case 0x132: /* rdmsr */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); @@ -7226,7 +7232,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) goto illegal_op; if (!s->pe) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_helper_sysenter(cpu_env); gen_eob(s); @@ -7237,7 +7243,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) goto illegal_op; if (!s->pe) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1)); gen_eob(s); @@ -7256,7 +7262,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x107: /* sysret */ if (!s->pe) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1)); /* condition codes are modified only in long mode */ @@ -7278,7 +7284,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xf4: /* hlt */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); @@ -7304,7 +7310,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!s->pe || s->vm86) goto illegal_op; if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); @@ -7325,7 +7331,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!s->pe || s->vm86) goto illegal_op; if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); @@ -7441,7 +7447,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], @@ -7458,7 +7464,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7483,7 +7489,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7496,7 +7502,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7511,7 +7517,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7525,7 +7531,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7549,7 +7555,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7559,7 +7565,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) CASE_MODRM_MEM_OP(2): /* lgdt */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE); @@ -7576,7 +7582,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) CASE_MODRM_MEM_OP(3): /* lidt */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE); @@ -7622,7 +7628,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_OP(6): /* lmsw */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); @@ -7634,7 +7640,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) CASE_MODRM_MEM_OP(7): /* invlpg */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); break; } gen_update_cc_op(s); @@ -7649,7 +7655,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) #ifdef TARGET_X86_64 if (CODE64(s)) { if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { tcg_gen_mov_tl(s->T0, cpu_seg_base[R_GS]); tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env, @@ -7685,7 +7691,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x108: /* invd */ case 0x109: /* wbinvd */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD); /* nothing to do */ @@ -8009,7 +8015,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x120: /* mov reg, crN */ case 0x122: /* mov crN, reg */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { modrm = x86_ldub_code(env, s); /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). @@ -8063,7 +8069,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x121: /* mov reg, drN */ case 0x123: /* mov drN, reg */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { #ifndef CONFIG_USER_ONLY modrm = x86_ldub_code(env, s); @@ -8099,7 +8105,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x106: /* clts */ if (s->cpl != 0) { - gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base); + gen_exception_gpf(s); } else { gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); gen_helper_clts(cpu_env); From bc19f5052d3929a155f3e8c3aafc1cdb2338e60c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:54 -0500 Subject: [PATCH 02/50] target/i386: Split out check_cpl0 Split out the check for CPL != 0 and the raising of #GP. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-3-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 79 ++++++++++++++----------------------- 1 file changed, 30 insertions(+), 49 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 2672e08197b2..61b30117a333 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -1282,6 +1282,16 @@ static void gen_exception_gpf(DisasContext *s) gen_exception(s, EXCP0D_GPF, s->pc_start - s->cs_base); } +/* Check for cpl == 0; if not, raise #GP and return false. */ +static bool check_cpl0(DisasContext *s) +{ + if (s->cpl == 0) { + return true; + } + gen_exception_gpf(s); + return false; +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, MemOp ot, int d) { @@ -7199,9 +7209,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x130: /* wrmsr */ case 0x132: /* rdmsr */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); if (b & 2) { @@ -7283,9 +7291,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_helper_cpuid(cpu_env); break; case 0xf4: /* hlt */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start)); @@ -7309,9 +7315,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 2: /* lldt */ if (!s->pe || s->vm86) goto illegal_op; - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); @@ -7330,9 +7334,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 3: /* ltr */ if (!s->pe || s->vm86) goto illegal_op; - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); @@ -7446,8 +7448,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) | PREFIX_REPZ | PREFIX_REPNZ))) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], @@ -7463,8 +7464,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!(s->flags & HF_SVME_MASK) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7488,8 +7488,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!(s->flags & HF_SVME_MASK) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7501,8 +7500,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!(s->flags & HF_SVME_MASK) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7516,8 +7514,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7530,8 +7527,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!(s->flags & HF_SVME_MASK) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7554,8 +7550,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!(s->flags & HF_SVME_MASK) || !s->pe) { goto illegal_op; } - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7564,8 +7559,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_MEM_OP(2): /* lgdt */ - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE); @@ -7581,8 +7575,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_MEM_OP(3): /* lidt */ - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE); @@ -7627,8 +7620,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_helper_wrpkru(cpu_env, s->tmp2_i32, s->tmp1_i64); break; CASE_MODRM_OP(6): /* lmsw */ - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); @@ -7639,8 +7631,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_MEM_OP(7): /* invlpg */ - if (s->cpl != 0) { - gen_exception_gpf(s); + if (!check_cpl0(s)) { break; } gen_update_cc_op(s); @@ -7654,9 +7645,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xf8: /* swapgs */ #ifdef TARGET_X86_64 if (CODE64(s)) { - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { tcg_gen_mov_tl(s->T0, cpu_seg_base[R_GS]); tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env, offsetof(CPUX86State, kernelgsbase)); @@ -7690,9 +7679,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x108: /* invd */ case 0x109: /* wbinvd */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD); /* nothing to do */ } @@ -8014,9 +8001,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x120: /* mov reg, crN */ case 0x122: /* mov crN, reg */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { modrm = x86_ldub_code(env, s); /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). * AMD documentation (24594.pdf) and testing of @@ -8068,9 +8053,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x121: /* mov reg, drN */ case 0x123: /* mov drN, reg */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { #ifndef CONFIG_USER_ONLY modrm = x86_ldub_code(env, s); /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). @@ -8104,9 +8087,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } break; case 0x106: /* clts */ - if (s->cpl != 0) { - gen_exception_gpf(s); - } else { + if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); gen_helper_clts(cpu_env); /* abort block because static cpu state changed */ From e048f3d6b91d88d28b688fa412b8d30d8f4893ce Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:55 -0500 Subject: [PATCH 03/50] target/i386: Unify code paths for IRET In vm86 mode, we use the same helper as real-mode, but with an extra check for IOPL. All non-exceptional paths set EFLAGS. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-4-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 61b30117a333..0a1566294955 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -6577,22 +6577,18 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto do_lret; case 0xcf: /* iret */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET); - if (!s->pe) { - /* real mode */ - gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); - set_cc_op(s, CC_OP_EFLAGS); - } else if (s->vm86) { - if (s->iopl != 3) { + if (!s->pe || s->vm86) { + /* real mode or vm86 mode */ + if (s->vm86 && s->iopl != 3) { gen_exception_gpf(s); - } else { - gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); - set_cc_op(s, CC_OP_EFLAGS); + break; } + gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); } else { gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1), tcg_const_i32(s->pc - s->cs_base)); - set_cc_op(s, CC_OP_EFLAGS); } + set_cc_op(s, CC_OP_EFLAGS); gen_eob(s); break; case 0xe8: /* call im */ From aa9f21b1f0d4149d3e569b673deb1835f1f098d8 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:56 -0500 Subject: [PATCH 04/50] target/i386: Split out check_vm86_iopl Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-5-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 0a1566294955..74f6024f8261 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -1292,6 +1292,16 @@ static bool check_cpl0(DisasContext *s) return false; } +/* If vm86, check for iopl == 3; if not, raise #GP and return false. */ +static bool check_vm86_iopl(DisasContext *s) +{ + if (!s->vm86 || s->iopl == 3) { + return true; + } + gen_exception_gpf(s); + return false; +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, MemOp ot, int d) { @@ -6579,8 +6589,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET); if (!s->pe || s->vm86) { /* real mode or vm86 mode */ - if (s->vm86 && s->iopl != 3) { - gen_exception_gpf(s); + if (!check_vm86_iopl(s)) { break; } gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); @@ -6700,9 +6709,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* flags */ case 0x9c: /* pushf */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF); - if (s->vm86 && s->iopl != 3) { - gen_exception_gpf(s); - } else { + if (check_vm86_iopl(s)) { gen_update_cc_op(s); gen_helper_read_eflags(s->T0, cpu_env); gen_push_v(s, s->T0); @@ -6710,9 +6717,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x9d: /* popf */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF); - if (s->vm86 && s->iopl != 3) { - gen_exception_gpf(s); - } else { + if (check_vm86_iopl(s)) { ot = gen_pop_T0(s); if (s->cpl == 0) { if (dflag != MO_16) { @@ -7072,9 +7077,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xcd: /* int N */ val = x86_ldub_code(env, s); - if (s->vm86 && s->iopl != 3) { - gen_exception_gpf(s); - } else { + if (check_vm86_iopl(s)) { gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base); } break; From ca7874c2fa6502c612514024632cd6ae4a46641f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:57 -0500 Subject: [PATCH 05/50] target/i386: Split out check_iopl Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-6-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 74f6024f8261..873ed0097540 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -1302,6 +1302,16 @@ static bool check_vm86_iopl(DisasContext *s) return false; } +/* Check for iopl allowing access; if not, raise #GP and return false. */ +static bool check_iopl(DisasContext *s) +{ + if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) { + return true; + } + gen_exception_gpf(s); + return false; +} + /* if d == OR_TMP0, it means memory operand (address in A0) */ static void gen_op(DisasContext *s1, int op, MemOp ot, int d) { @@ -7095,28 +7105,16 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; #endif case 0xfa: /* cli */ - if (!s->vm86) { - if (s->cpl <= s->iopl) { - gen_helper_cli(cpu_env); - } else { - gen_exception_gpf(s); - } - } else { - if (s->iopl == 3) { - gen_helper_cli(cpu_env); - } else { - gen_exception_gpf(s); - } + if (check_iopl(s)) { + gen_helper_cli(cpu_env); } break; case 0xfb: /* sti */ - if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) { + if (check_iopl(s)) { gen_helper_sti(cpu_env); /* interruptions are enabled only the first insn after sti */ gen_jmp_im(s, s->pc - s->cs_base); gen_eob_inhibit_irq(s, true); - } else { - gen_exception_gpf(s); } break; case 0x62: /* bound */ From d75f912927099574e4ff6d82ba08f2e1a9583c7a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:58 -0500 Subject: [PATCH 06/50] target/i386: Assert PE is set for user-only A user-mode executable is never in real-mode. Since we're adding an accessor macro, pull the value directly out of flags for sysemu. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-7-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 69 +++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 873ed0097540..7f3993fccb2a 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -94,7 +94,6 @@ typedef struct DisasContext { target_ulong pc; /* pc = eip + cs_base */ /* current block context */ target_ulong cs_base; /* base of CS segment */ - int pe; /* protected mode */ int code32; /* 32 bit code segment */ #ifdef TARGET_X86_64 int lma; /* long mode active */ @@ -146,6 +145,13 @@ typedef struct DisasContext { sigjmp_buf jmpbuf; } DisasContext; +/* The environment in which user-only runs is constrained. */ +#ifdef CONFIG_USER_ONLY +#define PE(S) true +#else +#define PE(S) (((S)->flags & HF_PE_MASK) != 0) +#endif + static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s, TCGv dest); static void gen_jmp(DisasContext *s, target_ulong eip); @@ -617,7 +623,7 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, { target_ulong next_eip; - if (s->pe && (s->cpl > s->iopl || s->vm86)) { + if (PE(s) && (s->cpl > s->iopl || s->vm86)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); switch (ot) { case MO_8: @@ -2345,7 +2351,7 @@ static inline void gen_op_movl_seg_T0_vm(DisasContext *s, X86Seg seg_reg) call this function with seg_reg == R_CS */ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) { - if (s->pe && !s->vm86) { + if (PE(s) && !s->vm86) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), s->tmp2_i32); /* abort translation because the addseg value may change or @@ -5108,7 +5114,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_add_A0_im(s, 1 << ot); gen_op_ld_v(s, MO_16, s->T0, s->A0); do_lcall: - if (s->pe && !s->vm86) { + if (PE(s) && !s->vm86) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1, tcg_const_i32(dflag - 1), @@ -5138,7 +5144,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_add_A0_im(s, 1 << ot); gen_op_ld_v(s, MO_16, s->T0, s->A0); do_ljmp: - if (s->pe && !s->vm86) { + if (PE(s) && !s->vm86) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1, tcg_const_tl(s->pc - s->cs_base)); @@ -6571,7 +6577,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xca: /* lret im */ val = x86_ldsw_code(env, s); do_lret: - if (s->pe && !s->vm86) { + if (PE(s) && !s->vm86) { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1), @@ -6597,7 +6603,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto do_lret; case 0xcf: /* iret */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET); - if (!s->pe || s->vm86) { + if (!PE(s) || s->vm86) { /* real mode or vm86 mode */ if (!check_vm86_iopl(s)) { break; @@ -7236,7 +7242,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* For Intel SYSENTER is valid on 64-bit */ if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) goto illegal_op; - if (!s->pe) { + if (!PE(s)) { gen_exception_gpf(s); } else { gen_helper_sysenter(cpu_env); @@ -7247,7 +7253,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* For Intel SYSEXIT is valid on 64-bit */ if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) goto illegal_op; - if (!s->pe) { + if (!PE(s)) { gen_exception_gpf(s); } else { gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1)); @@ -7266,7 +7272,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_eob_worker(s, false, true); break; case 0x107: /* sysret */ - if (!s->pe) { + if (!PE(s)) { gen_exception_gpf(s); } else { gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1)); @@ -7301,7 +7307,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) op = (modrm >> 3) & 7; switch(op) { case 0: /* sldt */ - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, @@ -7310,7 +7316,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); break; case 2: /* lldt */ - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE); @@ -7320,7 +7326,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } break; case 1: /* str */ - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, @@ -7329,7 +7335,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); break; case 3: /* ltr */ - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE); @@ -7340,7 +7346,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 4: /* verr */ case 5: /* verw */ - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); gen_update_cc_op(s); @@ -7458,7 +7464,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xd8: /* VMRUN */ - if (!(s->flags & HF_SVME_MASK) || !s->pe) { + if (!(s->flags & HF_SVME_MASK) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7482,7 +7488,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xda: /* VMLOAD */ - if (!(s->flags & HF_SVME_MASK) || !s->pe) { + if (!(s->flags & HF_SVME_MASK) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7494,7 +7500,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdb: /* VMSAVE */ - if (!(s->flags & HF_SVME_MASK) || !s->pe) { + if (!(s->flags & HF_SVME_MASK) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7508,7 +7514,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xdc: /* STGI */ if ((!(s->flags & HF_SVME_MASK) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) - || !s->pe) { + || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7521,7 +7527,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdd: /* CLGI */ - if (!(s->flags & HF_SVME_MASK) || !s->pe) { + if (!(s->flags & HF_SVME_MASK) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7535,7 +7541,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xde: /* SKINIT */ if ((!(s->flags & HF_SVME_MASK) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) - || !s->pe) { + || !PE(s)) { goto illegal_op; } gen_update_cc_op(s); @@ -7544,7 +7550,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdf: /* INVLPGA */ - if (!(s->flags & HF_SVME_MASK) || !s->pe) { + if (!(s->flags & HF_SVME_MASK) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7711,7 +7717,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) TCGLabel *label1; TCGv t0, t1, t2, a0; - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; t0 = tcg_temp_local_new(); t1 = tcg_temp_local_new(); @@ -7759,7 +7765,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) { TCGLabel *label1; TCGv t0; - if (!s->pe || s->vm86) + if (!PE(s) || s->vm86) goto illegal_op; ot = dflag != MO_16 ? MO_32 : MO_16; modrm = x86_ldub_code(env, s); @@ -8461,9 +8467,13 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) DisasContext *dc = container_of(dcbase, DisasContext, base); CPUX86State *env = cpu->env_ptr; uint32_t flags = dc->base.tb->flags; - target_ulong cs_base = dc->base.tb->cs_base; - dc->pe = (flags >> HF_PE_SHIFT) & 1; + dc->cs_base = dc->base.tb->cs_base; + dc->flags = flags; + + /* We make some simplifying assumptions; validate they're correct. */ + g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0)); + dc->code32 = (flags >> HF_CS32_SHIFT) & 1; dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; @@ -8474,7 +8484,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; - dc->cs_base = cs_base; dc->popl_esp_hack = 0; /* select memory access functions */ dc->mem_index = 0; @@ -8491,7 +8500,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->lma = (flags >> HF_LMA_SHIFT) & 1; dc->code64 = (flags >> HF_CS64_SHIFT) & 1; #endif - dc->flags = flags; dc->jmp_opt = !(dc->tf || dc->base.singlestep_enabled || (flags & HF_INHIBIT_IRQ_MASK)); /* Do not optimize repz jumps at all in icount mode, because @@ -8505,11 +8513,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) additional step for ecx=0 when icount is enabled. */ dc->repz_opt = !dc->jmp_opt && !(tb_cflags(dc->base.tb) & CF_USE_ICOUNT); -#if 0 - /* check addseg logic */ - if (!dc->addseg && (dc->vm86 || !dc->pe || !dc->code32)) - printf("ERROR addseg\n"); -#endif dc->T0 = tcg_temp_new(); dc->T1 = tcg_temp_new(); From 01b9d8c1b23b6e5af631cb56b86011466b52789a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:12:59 -0500 Subject: [PATCH 07/50] target/i386: Assert CPL is 3 for user-only A user-mode executable always runs in ring 3. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-8-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 7f3993fccb2a..4c9194416dcf 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -94,6 +94,11 @@ typedef struct DisasContext { target_ulong pc; /* pc = eip + cs_base */ /* current block context */ target_ulong cs_base; /* base of CS segment */ + +#ifndef CONFIG_USER_ONLY + uint8_t cpl; /* code priv level */ +#endif + int code32; /* 32 bit code segment */ #ifdef TARGET_X86_64 int lma; /* long mode active */ @@ -111,7 +116,6 @@ typedef struct DisasContext { int addseg; /* non zero if either DS/ES/SS have a non zero base */ int f_st; /* currently unused */ int vm86; /* vm86 mode */ - int cpl; int iopl; int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ @@ -148,8 +152,10 @@ typedef struct DisasContext { /* The environment in which user-only runs is constrained. */ #ifdef CONFIG_USER_ONLY #define PE(S) true +#define CPL(S) 3 #else #define PE(S) (((S)->flags & HF_PE_MASK) != 0) +#define CPL(S) ((S)->cpl) #endif static void gen_eob(DisasContext *s); @@ -623,7 +629,7 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, { target_ulong next_eip; - if (PE(s) && (s->cpl > s->iopl || s->vm86)) { + if (PE(s) && (CPL(s) > s->iopl || s->vm86)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); switch (ot) { case MO_8: @@ -1291,7 +1297,7 @@ static void gen_exception_gpf(DisasContext *s) /* Check for cpl == 0; if not, raise #GP and return false. */ static bool check_cpl0(DisasContext *s) { - if (s->cpl == 0) { + if (CPL(s) == 0) { return true; } gen_exception_gpf(s); @@ -1311,7 +1317,7 @@ static bool check_vm86_iopl(DisasContext *s) /* Check for iopl allowing access; if not, raise #GP and return false. */ static bool check_iopl(DisasContext *s) { - if (s->vm86 ? s->iopl == 3 : s->cpl <= s->iopl) { + if (s->vm86 ? s->iopl == 3 : CPL(s) <= s->iopl) { return true; } gen_exception_gpf(s); @@ -6735,7 +6741,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF); if (check_vm86_iopl(s)) { ot = gen_pop_T0(s); - if (s->cpl == 0) { + if (CPL(s) == 0) { if (dflag != MO_16) { gen_helper_write_eflags(cpu_env, s->T0, tcg_const_i32((TF_MASK | AC_MASK | @@ -6750,7 +6756,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) & 0xffff)); } } else { - if (s->cpl <= s->iopl) { + if (CPL(s) <= s->iopl) { if (dflag != MO_16) { gen_helper_write_eflags(cpu_env, s->T0, tcg_const_i32((TF_MASK | @@ -7380,7 +7386,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xc8: /* monitor */ - if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) { + if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) { goto illegal_op; } gen_update_cc_op(s); @@ -7392,7 +7398,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xc9: /* mwait */ - if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || s->cpl != 0) { + if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) { goto illegal_op; } gen_update_cc_op(s); @@ -7403,7 +7409,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xca: /* clac */ if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) - || s->cpl != 0) { + || CPL(s) != 0) { goto illegal_op; } gen_helper_clac(cpu_env); @@ -7413,7 +7419,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xcb: /* stac */ if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) - || s->cpl != 0) { + || CPL(s) != 0) { goto illegal_op; } gen_helper_stac(cpu_env); @@ -8467,19 +8473,23 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) DisasContext *dc = container_of(dcbase, DisasContext, base); CPUX86State *env = cpu->env_ptr; uint32_t flags = dc->base.tb->flags; + int cpl = (flags >> HF_CPL_SHIFT) & 3; dc->cs_base = dc->base.tb->cs_base; dc->flags = flags; +#ifndef CONFIG_USER_ONLY + dc->cpl = cpl; +#endif /* We make some simplifying assumptions; validate they're correct. */ g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0)); + g_assert(CPL(dc) == cpl); dc->code32 = (flags >> HF_CS32_SHIFT) & 1; dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; dc->vm86 = (flags >> VM_SHIFT) & 1; - dc->cpl = (flags >> HF_CPL_SHIFT) & 3; dc->iopl = (flags >> IOPL_SHIFT) & 3; dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; From 0ab011cca08651349172187d574e2fb1316283ef Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:00 -0500 Subject: [PATCH 08/50] target/i386: Assert IOPL is 0 for user-only On real hardware, the linux kernel has the iopl(2) syscall which can set IOPL to 3, to allow e.g. the xserver to briefly disable interrupts while programming the graphics card. However, QEMU cannot and does not implement this syscall, so the IOPL is never changed from 0. Which means that all of the checks vs CPL <= IOPL are false for user-only. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-9-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 4c9194416dcf..b8cb7163ee10 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -97,6 +97,7 @@ typedef struct DisasContext { #ifndef CONFIG_USER_ONLY uint8_t cpl; /* code priv level */ + uint8_t iopl; /* i/o priv level */ #endif int code32; /* 32 bit code segment */ @@ -116,7 +117,6 @@ typedef struct DisasContext { int addseg; /* non zero if either DS/ES/SS have a non zero base */ int f_st; /* currently unused */ int vm86; /* vm86 mode */ - int iopl; int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ int repz_opt; /* optimize jumps within repz instructions */ @@ -153,9 +153,11 @@ typedef struct DisasContext { #ifdef CONFIG_USER_ONLY #define PE(S) true #define CPL(S) 3 +#define IOPL(S) 0 #else #define PE(S) (((S)->flags & HF_PE_MASK) != 0) #define CPL(S) ((S)->cpl) +#define IOPL(S) ((S)->iopl) #endif static void gen_eob(DisasContext *s); @@ -629,7 +631,7 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, { target_ulong next_eip; - if (PE(s) && (CPL(s) > s->iopl || s->vm86)) { + if (PE(s) && (CPL(s) > IOPL(s) || s->vm86)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); switch (ot) { case MO_8: @@ -1307,7 +1309,7 @@ static bool check_cpl0(DisasContext *s) /* If vm86, check for iopl == 3; if not, raise #GP and return false. */ static bool check_vm86_iopl(DisasContext *s) { - if (!s->vm86 || s->iopl == 3) { + if (!s->vm86 || IOPL(s) == 3) { return true; } gen_exception_gpf(s); @@ -1317,7 +1319,7 @@ static bool check_vm86_iopl(DisasContext *s) /* Check for iopl allowing access; if not, raise #GP and return false. */ static bool check_iopl(DisasContext *s) { - if (s->vm86 ? s->iopl == 3 : CPL(s) <= s->iopl) { + if (s->vm86 ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) { return true; } gen_exception_gpf(s); @@ -6756,7 +6758,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) & 0xffff)); } } else { - if (CPL(s) <= s->iopl) { + if (CPL(s) <= IOPL(s)) { if (dflag != MO_16) { gen_helper_write_eflags(cpu_env, s->T0, tcg_const_i32((TF_MASK | @@ -8474,23 +8476,25 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) CPUX86State *env = cpu->env_ptr; uint32_t flags = dc->base.tb->flags; int cpl = (flags >> HF_CPL_SHIFT) & 3; + int iopl = (flags >> IOPL_SHIFT) & 3; dc->cs_base = dc->base.tb->cs_base; dc->flags = flags; #ifndef CONFIG_USER_ONLY dc->cpl = cpl; + dc->iopl = iopl; #endif /* We make some simplifying assumptions; validate they're correct. */ g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0)); g_assert(CPL(dc) == cpl); + g_assert(IOPL(dc) == iopl); dc->code32 = (flags >> HF_CS32_SHIFT) & 1; dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; dc->vm86 = (flags >> VM_SHIFT) & 1; - dc->iopl = (flags >> IOPL_SHIFT) & 3; dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; From f8a35846d5479fb076c12c8c84c010cb479bdc49 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:01 -0500 Subject: [PATCH 09/50] target/i386: Assert !VM86 for x86_64 user-only For i386-linux-user, we can enter vm86 mode via the vm86(2) syscall. That syscall explicitly returns to 32-bit mode, and the syscall does not exist for a 64-bit x86_64 executable. Since we're adding an accessor macro, pull the value directly out of flags otherwise. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-10-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 40 ++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b8cb7163ee10..27806f35f9b6 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -116,7 +116,6 @@ typedef struct DisasContext { #endif int addseg; /* non zero if either DS/ES/SS have a non zero base */ int f_st; /* currently unused */ - int vm86; /* vm86 mode */ int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ int repz_opt; /* optimize jumps within repz instructions */ @@ -159,6 +158,11 @@ typedef struct DisasContext { #define CPL(S) ((S)->cpl) #define IOPL(S) ((S)->iopl) #endif +#if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) +#define VM86(S) false +#else +#define VM86(S) (((S)->flags & HF_VM_MASK) != 0) +#endif static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s, TCGv dest); @@ -631,7 +635,7 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, { target_ulong next_eip; - if (PE(s) && (CPL(s) > IOPL(s) || s->vm86)) { + if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); switch (ot) { case MO_8: @@ -1309,7 +1313,7 @@ static bool check_cpl0(DisasContext *s) /* If vm86, check for iopl == 3; if not, raise #GP and return false. */ static bool check_vm86_iopl(DisasContext *s) { - if (!s->vm86 || IOPL(s) == 3) { + if (!VM86(s) || IOPL(s) == 3) { return true; } gen_exception_gpf(s); @@ -1319,7 +1323,7 @@ static bool check_vm86_iopl(DisasContext *s) /* Check for iopl allowing access; if not, raise #GP and return false. */ static bool check_iopl(DisasContext *s) { - if (s->vm86 ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) { + if (VM86(s) ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) { return true; } gen_exception_gpf(s); @@ -2359,7 +2363,7 @@ static inline void gen_op_movl_seg_T0_vm(DisasContext *s, X86Seg seg_reg) call this function with seg_reg == R_CS */ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) { - if (PE(s) && !s->vm86) { + if (PE(s) && !VM86(s)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), s->tmp2_i32); /* abort translation because the addseg value may change or @@ -4615,7 +4619,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xc4: /* 3-byte VEX */ /* VEX prefixes cannot be used except in 32-bit mode. Otherwise the instruction is LES or LDS. */ - if (s->code32 && !s->vm86) { + if (s->code32 && !VM86(s)) { static const int pp_prefix[4] = { 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ }; @@ -5122,7 +5126,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_add_A0_im(s, 1 << ot); gen_op_ld_v(s, MO_16, s->T0, s->A0); do_lcall: - if (PE(s) && !s->vm86) { + if (PE(s) && !VM86(s)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1, tcg_const_i32(dflag - 1), @@ -5152,7 +5156,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_add_A0_im(s, 1 << ot); gen_op_ld_v(s, MO_16, s->T0, s->A0); do_ljmp: - if (PE(s) && !s->vm86) { + if (PE(s) && !VM86(s)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1, tcg_const_tl(s->pc - s->cs_base)); @@ -6585,7 +6589,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xca: /* lret im */ val = x86_ldsw_code(env, s); do_lret: - if (PE(s) && !s->vm86) { + if (PE(s) && !VM86(s)) { gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1), @@ -6611,7 +6615,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto do_lret; case 0xcf: /* iret */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET); - if (!PE(s) || s->vm86) { + if (!PE(s) || VM86(s)) { /* real mode or vm86 mode */ if (!check_vm86_iopl(s)) { break; @@ -7315,7 +7319,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) op = (modrm >> 3) & 7; switch(op) { case 0: /* sldt */ - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, @@ -7324,7 +7328,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); break; case 2: /* lldt */ - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE); @@ -7334,7 +7338,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } break; case 1: /* str */ - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, @@ -7343,7 +7347,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); break; case 3: /* ltr */ - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; if (check_cpl0(s)) { gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE); @@ -7354,7 +7358,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 4: /* verr */ case 5: /* verw */ - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); gen_update_cc_op(s); @@ -7725,7 +7729,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) TCGLabel *label1; TCGv t0, t1, t2, a0; - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; t0 = tcg_temp_local_new(); t1 = tcg_temp_local_new(); @@ -7773,7 +7777,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) { TCGLabel *label1; TCGv t0; - if (!PE(s) || s->vm86) + if (!PE(s) || VM86(s)) goto illegal_op; ot = dflag != MO_16 ? MO_32 : MO_16; modrm = x86_ldub_code(env, s); @@ -8489,12 +8493,12 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0)); g_assert(CPL(dc) == cpl); g_assert(IOPL(dc) == iopl); + g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0)); dc->code32 = (flags >> HF_CS32_SHIFT) & 1; dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; - dc->vm86 = (flags >> VM_SHIFT) & 1; dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; From 9996dcfd674a66a11983adc33ea09cae92676eaf Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:02 -0500 Subject: [PATCH 10/50] target/i386: Assert CODE32 for x86_64 user-only For user-only, CODE32 == !VM86, because we are never in real-mode. Since we cannot enter vm86 mode for x86_64 user-only, CODE32 is always set. Since we're adding an accessor macro, pull the value directly out of flags otherwise. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-11-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 27806f35f9b6..b5709214109b 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -100,7 +100,6 @@ typedef struct DisasContext { uint8_t iopl; /* i/o priv level */ #endif - int code32; /* 32 bit code segment */ #ifdef TARGET_X86_64 int lma; /* long mode active */ int code64; /* 64 bit code segment */ @@ -160,8 +159,10 @@ typedef struct DisasContext { #endif #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) #define VM86(S) false +#define CODE32(S) true #else #define VM86(S) (((S)->flags & HF_VM_MASK) != 0) +#define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0) #endif static void gen_eob(DisasContext *s); @@ -2370,7 +2371,7 @@ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) because ss32 may change. For R_SS, translation must always stop as a special handling must be done to disable hardware interrupts for the next instruction */ - if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS)) { + if (seg_reg == R_SS || (CODE32(s) && seg_reg < R_FS)) { s->base.is_jmp = DISAS_TOO_MANY; } } else { @@ -4619,7 +4620,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xc4: /* 3-byte VEX */ /* VEX prefixes cannot be used except in 32-bit mode. Otherwise the instruction is LES or LDS. */ - if (s->code32 && !VM86(s)) { + if (CODE32(s) && !VM86(s)) { static const int pp_prefix[4] = { 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ }; @@ -4686,13 +4687,13 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64); } else { /* In 16/32-bit mode, 0x66 selects the opposite data size. */ - if (s->code32 ^ ((prefixes & PREFIX_DATA) != 0)) { + if (CODE32(s) ^ ((prefixes & PREFIX_DATA) != 0)) { dflag = MO_32; } else { dflag = MO_16; } /* In 16/32-bit mode, 0x67 selects the opposite addressing. */ - if (s->code32 ^ ((prefixes & PREFIX_ADR) != 0)) { + if (CODE32(s) ^ ((prefixes & PREFIX_ADR) != 0)) { aflag = MO_32; } else { aflag = MO_16; @@ -8494,8 +8495,8 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(CPL(dc) == cpl); g_assert(IOPL(dc) == iopl); g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0)); + g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0)); - dc->code32 = (flags >> HF_CS32_SHIFT) & 1; dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; From b40a47a17f9e5ed75287e9f6b6fb1b9d4a3a0c25 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:03 -0500 Subject: [PATCH 11/50] target/i386: Assert SS32 for x86_64 user-only For user-only, SS32 == !VM86, because we are never in real-mode. Since we cannot enter vm86 mode for x86_64 user-only, SS32 is always set. Since we're adding an accessor macro, pull the value directly out of flags otherwise. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-12-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b5709214109b..7b5031f64722 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -107,7 +107,6 @@ typedef struct DisasContext { #endif int vex_l; /* vex vector length */ int vex_v; /* vex vvvv register, without 1's complement. */ - int ss32; /* 32 bit stack segment */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; #ifdef TARGET_X86_64 @@ -160,9 +159,11 @@ typedef struct DisasContext { #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) #define VM86(S) false #define CODE32(S) true +#define SS32(S) true #else #define VM86(S) (((S)->flags & HF_VM_MASK) != 0) #define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0) +#define SS32(S) (((S)->flags & HF_SS32_MASK) != 0) #endif static void gen_eob(DisasContext *s); @@ -352,7 +353,7 @@ static inline MemOp mo_pushpop(DisasContext *s, MemOp ot) /* Select the size of the stack pointer. */ static inline MemOp mo_stacksize(DisasContext *s) { - return CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16; + return CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16; } /* Select only size 64 else 32. Used for SSE operand sizes. */ @@ -2451,12 +2452,12 @@ static inline void gen_pop_update(DisasContext *s, MemOp ot) static inline void gen_stack_A0(DisasContext *s) { - gen_lea_v_seg(s, s->ss32 ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1); + gen_lea_v_seg(s, SS32(s) ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1); } static void gen_pusha(DisasContext *s) { - MemOp s_ot = s->ss32 ? MO_32 : MO_16; + MemOp s_ot = SS32(s) ? MO_32 : MO_16; MemOp d_ot = s->dflag; int size = 1 << d_ot; int i; @@ -2472,7 +2473,7 @@ static void gen_pusha(DisasContext *s) static void gen_popa(DisasContext *s) { - MemOp s_ot = s->ss32 ? MO_32 : MO_16; + MemOp s_ot = SS32(s) ? MO_32 : MO_16; MemOp d_ot = s->dflag; int size = 1 << d_ot; int i; @@ -2494,7 +2495,7 @@ static void gen_popa(DisasContext *s) static void gen_enter(DisasContext *s, int esp_addend, int level) { MemOp d_ot = mo_pushpop(s, s->dflag); - MemOp a_ot = CODE64(s) ? MO_64 : s->ss32 ? MO_32 : MO_16; + MemOp a_ot = CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16; int size = 1 << d_ot; /* Push BP; compute FrameTemp into T1. */ @@ -8496,8 +8497,8 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(IOPL(dc) == iopl); g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0)); g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0)); + g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); - dc->ss32 = (flags >> HF_SS32_SHIFT) & 1; dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; dc->tf = (flags >> TF_SHIFT) & 1; From eec7d0f8386b600046843117d86b1189491cc5df Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:04 -0500 Subject: [PATCH 12/50] target/i386: Assert CODE64 for x86_64 user-only For x86_64 user-only, there is no way to leave 64-bit mode. Without x86_64, there is no way to enter 64-bit mode. There is an existing macro to aid with that; simply place it in the right place in the ifdef chain. Since we're adding an accessor macro, pull the value directly out of flags when we're not assuming a constant. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-13-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 7b5031f64722..e3907f906607 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -41,11 +41,9 @@ #define PREFIX_VEX 0x20 #ifdef TARGET_X86_64 -#define CODE64(s) ((s)->code64) #define REX_X(s) ((s)->rex_x) #define REX_B(s) ((s)->rex_b) #else -#define CODE64(s) 0 #define REX_X(s) 0 #define REX_B(s) 0 #endif @@ -102,7 +100,6 @@ typedef struct DisasContext { #ifdef TARGET_X86_64 int lma; /* long mode active */ - int code64; /* 64 bit code segment */ int rex_x, rex_b; #endif int vex_l; /* vex vector length */ @@ -165,6 +162,13 @@ typedef struct DisasContext { #define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0) #define SS32(S) (((S)->flags & HF_SS32_MASK) != 0) #endif +#if !defined(TARGET_X86_64) +#define CODE64(S) false +#elif defined(CONFIG_USER_ONLY) +#define CODE64(S) true +#else +#define CODE64(S) (((S)->flags & HF_CS64_MASK) != 0) +#endif static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s, TCGv dest); @@ -8497,6 +8501,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(IOPL(dc) == iopl); g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0)); g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0)); + g_assert(CODE64(dc) == ((flags & HF_CS64_MASK) != 0)); g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; @@ -8518,7 +8523,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; #ifdef TARGET_X86_64 dc->lma = (flags >> HF_LMA_SHIFT) & 1; - dc->code64 = (flags >> HF_CS64_SHIFT) & 1; #endif dc->jmp_opt = !(dc->tf || dc->base.singlestep_enabled || (flags & HF_INHIBIT_IRQ_MASK)); From 73e90dc458b8f7d5802fc364359c125305ea04fa Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:05 -0500 Subject: [PATCH 13/50] target/i386: Assert LMA for x86_64 user-only LMA is a pre-requisite for CODE64, so there is no way to disable it for x86_64-linux-user, and there is no way to enable it for i386. Since we're adding an accessor macro, pull the value directly out of flags when we're not assuming a constant. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-14-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index e3907f906607..9c8a40569429 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -99,7 +99,6 @@ typedef struct DisasContext { #endif #ifdef TARGET_X86_64 - int lma; /* long mode active */ int rex_x, rex_b; #endif int vex_l; /* vex vector length */ @@ -164,10 +163,13 @@ typedef struct DisasContext { #endif #if !defined(TARGET_X86_64) #define CODE64(S) false +#define LMA(S) false #elif defined(CONFIG_USER_ONLY) #define CODE64(S) true +#define LMA(S) true #else #define CODE64(S) (((S)->flags & HF_CS64_MASK) != 0) +#define LMA(S) (((S)->flags & HF_LMA_MASK) != 0) #endif static void gen_eob(DisasContext *s); @@ -7295,7 +7297,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } else { gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1)); /* condition codes are modified only in long mode */ - if (s->lma) { + if (LMA(s)) { set_cc_op(s, CC_OP_EFLAGS); } /* TF handling for the sysret insn is different. The TF bit is @@ -8503,6 +8505,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0)); g_assert(CODE64(dc) == ((flags & HF_CS64_MASK) != 0)); g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); + g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; @@ -8521,9 +8524,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX]; dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX]; dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; -#ifdef TARGET_X86_64 - dc->lma = (flags >> HF_LMA_SHIFT) & 1; -#endif dc->jmp_opt = !(dc->tf || dc->base.singlestep_enabled || (flags & HF_INHIBIT_IRQ_MASK)); /* Do not optimize repz jumps at all in icount mode, because From beedb93c04bd90868d49f640cdf9dbb439c9fa8f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:06 -0500 Subject: [PATCH 14/50] target/i386: Assert !ADDSEG for x86_64 user-only LMA disables traditional segmentation, exposing a flat address space. This means that ADDSEG is off. Since we're adding an accessor macro, pull the value directly out of flags otherwise. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-15-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 9c8a40569429..7d7ab3e03d63 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -108,7 +108,6 @@ typedef struct DisasContext { #ifdef TARGET_X86_64 bool x86_64_hregs; #endif - int addseg; /* non zero if either DS/ES/SS have a non zero base */ int f_st; /* currently unused */ int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ @@ -156,10 +155,12 @@ typedef struct DisasContext { #define VM86(S) false #define CODE32(S) true #define SS32(S) true +#define ADDSEG(S) false #else #define VM86(S) (((S)->flags & HF_VM_MASK) != 0) #define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0) #define SS32(S) (((S)->flags & HF_SS32_MASK) != 0) +#define ADDSEG(S) (((S)->flags & HF_ADDSEG_MASK) != 0) #endif #if !defined(TARGET_X86_64) #define CODE64(S) false @@ -492,7 +493,7 @@ static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0, #endif case MO_32: /* 32 bit address */ - if (ovr_seg < 0 && s->addseg) { + if (ovr_seg < 0 && ADDSEG(s)) { ovr_seg = def_seg; } if (ovr_seg < 0) { @@ -505,7 +506,7 @@ static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0, tcg_gen_ext16u_tl(s->A0, a0); a0 = s->A0; if (ovr_seg < 0) { - if (s->addseg) { + if (ADDSEG(s)) { ovr_seg = def_seg; } else { return; @@ -2429,7 +2430,7 @@ static void gen_push_v(DisasContext *s, TCGv val) tcg_gen_subi_tl(s->A0, cpu_regs[R_ESP], size); if (!CODE64(s)) { - if (s->addseg) { + if (ADDSEG(s)) { new_esp = s->tmp4; tcg_gen_mov_tl(new_esp, s->A0); } @@ -8506,8 +8507,8 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(CODE64(dc) == ((flags & HF_CS64_MASK) != 0)); g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); + g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); - dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1; dc->f_st = 0; dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; From 1e92b7275c633cada8f8b6fc919b350bafdfc17c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:07 -0500 Subject: [PATCH 15/50] target/i386: Introduce REX_PREFIX The existing flag, x86_64_hregs, does not accurately describe its setting. It is true if and only if a REX prefix has been seen. Yes, that affects the "h" regs, but that's secondary. Add PREFIX_REX and include this bit in s->prefix. Add REX_PREFIX so that the check folds away when x86_64 is compiled out. Fold away the reg >= 8 check, because bit 3 of the register number comes from the REX prefix in the first place. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-16-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 7d7ab3e03d63..79a37fb1a796 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -39,6 +39,7 @@ #define PREFIX_DATA 0x08 #define PREFIX_ADR 0x10 #define PREFIX_VEX 0x20 +#define PREFIX_REX 0x40 #ifdef TARGET_X86_64 #define REX_X(s) ((s)->rex_x) @@ -105,9 +106,6 @@ typedef struct DisasContext { int vex_v; /* vex vvvv register, without 1's complement. */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; -#ifdef TARGET_X86_64 - bool x86_64_hregs; -#endif int f_st; /* currently unused */ int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ @@ -173,6 +171,12 @@ typedef struct DisasContext { #define LMA(S) (((S)->flags & HF_LMA_MASK) != 0) #endif +#ifdef TARGET_X86_64 +#define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0) +#else +#define REX_PREFIX(S) false +#endif + static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s, TCGv dest); static void gen_jmp(DisasContext *s, target_ulong eip); @@ -336,14 +340,10 @@ static void gen_update_cc_op(DisasContext *s) */ static inline bool byte_reg_is_xH(DisasContext *s, int reg) { - if (reg < 4) { - return false; - } -#ifdef TARGET_X86_64 - if (reg >= 8 || s->x86_64_hregs) { + /* Any time the REX prefix is present, byte registers are uniform */ + if (reg < 4 || REX_PREFIX(s)) { return false; } -#endif return true; } @@ -4559,7 +4559,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) #ifdef TARGET_X86_64 s->rex_x = 0; s->rex_b = 0; - s->x86_64_hregs = false; #endif s->rip_offset = 0; /* for relative ip address */ s->vex_l = 0; @@ -4614,12 +4613,11 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x40 ... 0x4f: if (CODE64(s)) { /* REX prefix */ + prefixes |= PREFIX_REX; rex_w = (b >> 3) & 1; rex_r = (b & 0x4) << 1; s->rex_x = (b & 0x2) << 2; REX_B(s) = (b & 0x1) << 3; - /* select uniform byte register addressing */ - s->x86_64_hregs = true; goto next_byte; } break; @@ -4643,14 +4641,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */ if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ - | PREFIX_LOCK | PREFIX_DATA)) { + | PREFIX_LOCK | PREFIX_DATA | PREFIX_REX)) { goto illegal_op; } -#ifdef TARGET_X86_64 - if (s->x86_64_hregs) { - goto illegal_op; - } -#endif rex_r = (~vex2 >> 4) & 8; if (b == 0xc5) { /* 2-byte VEX prefix: RVVVVlpp, implied 0f leading opcode byte */ From 915ffe89a555817a08de661612a18e43df244d9c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:08 -0500 Subject: [PATCH 16/50] target/i386: Tidy REX_B, REX_X definition Change the storage from int to uint8_t since the value is in {0,8}. For x86_64 add 0 in the macros to (1) promote the type back to int, and (2) make the macro an rvalue. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-17-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 79a37fb1a796..9bb37215d834 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -41,14 +41,6 @@ #define PREFIX_VEX 0x20 #define PREFIX_REX 0x40 -#ifdef TARGET_X86_64 -#define REX_X(s) ((s)->rex_x) -#define REX_B(s) ((s)->rex_b) -#else -#define REX_X(s) 0 -#define REX_B(s) 0 -#endif - #ifdef TARGET_X86_64 # define ctztl ctz64 # define clztl clz64 @@ -100,7 +92,8 @@ typedef struct DisasContext { #endif #ifdef TARGET_X86_64 - int rex_x, rex_b; + uint8_t rex_x; + uint8_t rex_b; #endif int vex_l; /* vex vector length */ int vex_v; /* vex vvvv register, without 1's complement. */ @@ -173,8 +166,12 @@ typedef struct DisasContext { #ifdef TARGET_X86_64 #define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0) +#define REX_X(S) ((S)->rex_x + 0) +#define REX_B(S) ((S)->rex_b + 0) #else #define REX_PREFIX(S) false +#define REX_X(S) 0 +#define REX_B(S) 0 #endif static void gen_eob(DisasContext *s); @@ -4617,7 +4614,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) rex_w = (b >> 3) & 1; rex_r = (b & 0x4) << 1; s->rex_x = (b & 0x2) << 2; - REX_B(s) = (b & 0x1) << 3; + s->rex_b = (b & 0x1) << 3; goto next_byte; } break; From bbdb4237c55ff0423d14dc1833749c8307e178a4 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:09 -0500 Subject: [PATCH 17/50] target/i386: Move rex_r into DisasContext Treat this flag exactly like we treat rex_b and rex_x. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-18-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 84 ++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 9bb37215d834..22175c662830 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -92,6 +92,7 @@ typedef struct DisasContext { #endif #ifdef TARGET_X86_64 + uint8_t rex_r; uint8_t rex_x; uint8_t rex_b; #endif @@ -166,10 +167,12 @@ typedef struct DisasContext { #ifdef TARGET_X86_64 #define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0) +#define REX_R(S) ((S)->rex_r + 0) #define REX_X(S) ((S)->rex_x + 0) #define REX_B(S) ((S)->rex_b + 0) #else #define REX_PREFIX(S) false +#define REX_R(S) 0 #define REX_X(S) 0 #define REX_B(S) 0 #endif @@ -3094,7 +3097,7 @@ static const struct SSEOpHelper_eppi sse_op_table7[256] = { }; static void gen_sse(CPUX86State *env, DisasContext *s, int b, - target_ulong pc_start, int rex_r) + target_ulong pc_start) { int b1, op1_offset, op2_offset, is_xmm, val; int modrm, mod, rm, reg; @@ -3164,8 +3167,9 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, modrm = x86_ldub_code(env, s); reg = ((modrm >> 3) & 7); - if (is_xmm) - reg |= rex_r; + if (is_xmm) { + reg |= REX_R(s); + } mod = (modrm >> 6) & 3; if (sse_fn_epp == SSE_SPECIAL) { b |= (b1 << 8); @@ -3699,7 +3703,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, tcg_gen_ld16u_tl(s->T0, cpu_env, offsetof(CPUX86State,fpregs[rm].mmx.MMX_W(val))); } - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_op_mov_reg_v(s, ot, reg, s->T0); break; case 0x1d6: /* movq ea, xmm */ @@ -3743,7 +3747,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, offsetof(CPUX86State, fpregs[rm].mmx)); gen_helper_pmovmskb_mmx(s->tmp2_i32, cpu_env, s->ptr0); } - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32); break; @@ -3755,7 +3759,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, } modrm = x86_ldub_code(env, s); rm = modrm & 7; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; if (b1 >= 2) { goto unknown_op; @@ -3831,7 +3835,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, /* Various integer extensions at 0f 38 f[0-f]. */ b = modrm | (b1 << 8); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); switch (b) { case 0x3f0: /* crc32 Gd,Eb */ @@ -4185,7 +4189,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, b = modrm; modrm = x86_ldub_code(env, s); rm = modrm & 7; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; if (b1 >= 2) { goto unknown_op; @@ -4205,7 +4209,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, rm = (modrm & 7) | REX_B(s); if (mod != 3) gen_lea_modrm(env, s, modrm); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); val = x86_ldub_code(env, s); switch (b) { case 0x14: /* pextrb */ @@ -4374,7 +4378,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, /* Various integer extensions at 0f 3a f[0-f]. */ b = modrm | (b1 << 8); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); switch (b) { case 0x3f0: /* rorx Gy,Ey, Ib */ @@ -4548,12 +4552,13 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) MemOp ot, aflag, dflag; int modrm, reg, rm, mod, op, opreg, val; target_ulong next_eip, tval; - int rex_w, rex_r; + int rex_w; target_ulong pc_start = s->base.pc_next; s->pc_start = s->pc = pc_start; s->override = -1; #ifdef TARGET_X86_64 + s->rex_r = 0; s->rex_x = 0; s->rex_b = 0; #endif @@ -4567,7 +4572,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) prefixes = 0; rex_w = -1; - rex_r = 0; next_byte: b = x86_ldub_code(env, s); @@ -4612,7 +4616,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* REX prefix */ prefixes |= PREFIX_REX; rex_w = (b >> 3) & 1; - rex_r = (b & 0x4) << 1; + s->rex_r = (b & 0x4) << 1; s->rex_x = (b & 0x2) << 2; s->rex_b = (b & 0x1) << 3; goto next_byte; @@ -4641,7 +4645,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) | PREFIX_LOCK | PREFIX_DATA | PREFIX_REX)) { goto illegal_op; } - rex_r = (~vex2 >> 4) & 8; +#ifdef TARGET_X86_64 + s->rex_r = (~vex2 >> 4) & 8; +#endif if (b == 0xc5) { /* 2-byte VEX prefix: RVVVVlpp, implied 0f leading opcode byte */ vex3 = vex2; @@ -4731,7 +4737,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) switch(f) { case 0: /* OP Ev, Gv */ modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); if (mod != 3) { @@ -4753,7 +4759,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 1: /* OP Gv, Ev */ modrm = x86_ldub_code(env, s); mod = (modrm >> 6) & 3; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); rm = (modrm & 7) | REX_B(s); if (mod != 3) { gen_lea_modrm(env, s, modrm); @@ -5179,7 +5185,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); gen_op_mov_v_reg(s, ot, s->T1, reg); @@ -5251,7 +5257,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x6b: ot = dflag; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (b == 0x69) s->rip_offset = insn_const_size(ot); else if (b == 0x6b) @@ -5303,7 +5309,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x1c1: /* xadd Ev, Gv */ ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; gen_op_mov_v_reg(s, ot, s->T0, reg); if (mod == 3) { @@ -5335,7 +5341,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; oldv = tcg_temp_new(); newv = tcg_temp_new(); @@ -5557,7 +5563,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x89: /* mov Gv, Ev */ ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); /* generate a generic store */ gen_ldst_modrm(env, s, modrm, ot, reg, 1); @@ -5583,7 +5589,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x8b: /* mov Ev, Gv */ ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); gen_op_mov_reg_v(s, ot, reg, s->T0); @@ -5633,7 +5639,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) s_ot = b & 8 ? MO_SIGN | ot : ot; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); @@ -5672,7 +5678,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) mod = (modrm >> 6) & 3; if (mod == 3) goto illegal_op; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); { AddressParts a = gen_lea_modrm_0(env, s, modrm); TCGv ea = gen_lea_modrm_1(s, a); @@ -5754,7 +5760,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x87: /* xchg Ev, Gv */ ot = mo_b_d(b, dflag); modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; if (mod == 3) { rm = (modrm & 7) | REX_B(s); @@ -5791,7 +5797,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) do_lxx: ot = dflag != MO_16 ? MO_32 : MO_16; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; if (mod == 3) goto illegal_op; @@ -5874,7 +5880,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) modrm = x86_ldub_code(env, s); mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (mod != 3) { gen_lea_modrm(env, s, modrm); opreg = OR_TMP0; @@ -6728,7 +6734,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } ot = dflag; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_cmovcc1(env, s, ot, b, modrm, reg); break; @@ -6874,7 +6880,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) do_btx: ot = dflag; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); gen_op_mov_v_reg(s, MO_32, s->T1, reg); @@ -6979,7 +6985,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x1bd: /* bsr / lzcnt */ ot = dflag; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); gen_extu(ot, s->T0); @@ -7706,7 +7712,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) d_ot = dflag; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); @@ -7780,7 +7786,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; ot = dflag != MO_16 ? MO_32 : MO_16; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); t0 = tcg_temp_local_new(); gen_update_cc_op(s); @@ -7821,7 +7827,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) modrm = x86_ldub_code(env, s); if (s->flags & HF_MPX_EN_MASK) { mod = (modrm >> 6) & 3; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (prefixes & PREFIX_REPZ) { /* bndcl */ if (reg >= 4 @@ -7911,7 +7917,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) modrm = x86_ldub_code(env, s); if (s->flags & HF_MPX_EN_MASK) { mod = (modrm >> 6) & 3; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (mod != 3 && (prefixes & PREFIX_REPZ)) { /* bndmk */ if (reg >= 4 @@ -8023,7 +8029,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) * are assumed to be 1's, regardless of actual values. */ rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (CODE64(s)) ot = MO_64; else @@ -8076,7 +8082,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) * are assumed to be 1's, regardless of actual values. */ rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (CODE64(s)) ot = MO_64; else @@ -8118,7 +8124,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) mod = (modrm >> 6) & 3; if (mod == 3) goto illegal_op; - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); /* generate a generic store */ gen_ldst_modrm(env, s, modrm, ot, reg, 1); break; @@ -8350,7 +8356,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; modrm = x86_ldub_code(env, s); - reg = ((modrm >> 3) & 7) | rex_r; + reg = ((modrm >> 3) & 7) | REX_R(s); if (s->prefix & PREFIX_DATA) { ot = MO_16; @@ -8378,7 +8384,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x1c2: case 0x1c4 ... 0x1c6: case 0x1d0 ... 0x1fe: - gen_sse(env, s, b, pc_start, rex_r); + gen_sse(env, s, b, pc_start); break; default: goto unknown_op; From 8ab1e4860b092b93f6c77ef5ffb22b3affe77d62 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:10 -0500 Subject: [PATCH 18/50] target/i386: Move rex_w into DisasContext Treat this flag exactly like we treat the other rex bits. The -1 initialization is unused; the two tests are > 0 and == 1, so the value can be reduced to a bool. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-19-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 22175c662830..4222f09b6f2b 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -95,6 +95,7 @@ typedef struct DisasContext { uint8_t rex_r; uint8_t rex_x; uint8_t rex_b; + bool rex_w; #endif int vex_l; /* vex vector length */ int vex_v; /* vex vvvv register, without 1's complement. */ @@ -167,11 +168,13 @@ typedef struct DisasContext { #ifdef TARGET_X86_64 #define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0) +#define REX_W(S) ((S)->rex_w) #define REX_R(S) ((S)->rex_r + 0) #define REX_X(S) ((S)->rex_x + 0) #define REX_B(S) ((S)->rex_b + 0) #else #define REX_PREFIX(S) false +#define REX_W(S) false #define REX_R(S) 0 #define REX_X(S) 0 #define REX_B(S) 0 @@ -4552,12 +4555,12 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) MemOp ot, aflag, dflag; int modrm, reg, rm, mod, op, opreg, val; target_ulong next_eip, tval; - int rex_w; target_ulong pc_start = s->base.pc_next; s->pc_start = s->pc = pc_start; s->override = -1; #ifdef TARGET_X86_64 + s->rex_w = false; s->rex_r = 0; s->rex_x = 0; s->rex_b = 0; @@ -4571,7 +4574,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } prefixes = 0; - rex_w = -1; next_byte: b = x86_ldub_code(env, s); @@ -4615,7 +4617,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (CODE64(s)) { /* REX prefix */ prefixes |= PREFIX_REX; - rex_w = (b >> 3) & 1; + s->rex_w = (b >> 3) & 1; s->rex_r = (b & 0x4) << 1; s->rex_x = (b & 0x2) << 2; s->rex_b = (b & 0x1) << 3; @@ -4654,12 +4656,12 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) b = x86_ldub_code(env, s) | 0x100; } else { /* 3-byte VEX prefix: RXBmmmmm wVVVVlpp */ + vex3 = x86_ldub_code(env, s); #ifdef TARGET_X86_64 s->rex_x = (~vex2 >> 3) & 8; s->rex_b = (~vex2 >> 2) & 8; + s->rex_w = (vex3 >> 7) & 1; #endif - vex3 = x86_ldub_code(env, s); - rex_w = (vex3 >> 7) & 1; switch (vex2 & 0x1f) { case 0x01: /* Implied 0f leading opcode bytes. */ b = x86_ldub_code(env, s) | 0x100; @@ -4686,7 +4688,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* In 64-bit mode, the default data size is 32-bit. Select 64-bit data with rex_w, and 16-bit data with 0x66; rex_w takes precedence over 0x66 if both are present. */ - dflag = (rex_w > 0 ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32); + dflag = (REX_W(s) ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32); /* In 64-bit mode, 0x67 selects 32-bit addressing. */ aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64); } else { @@ -5082,7 +5084,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /* operand size for jumps is 64 bit */ ot = MO_64; } else if (op == 3 || op == 5) { - ot = dflag != MO_16 ? MO_32 + (rex_w == 1) : MO_16; + ot = dflag != MO_16 ? MO_32 + REX_W(s) : MO_16; } else if (op == 6) { /* default push size is 64 bit */ ot = mo_pushpop(s, dflag); From 0046060e5dc232beb4dc942ec76852841739c109 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:11 -0500 Subject: [PATCH 19/50] target/i386: Remove DisasContext.f_st as unused Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-20-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 4222f09b6f2b..7e296b39f55a 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -101,7 +101,6 @@ typedef struct DisasContext { int vex_v; /* vex vvvv register, without 1's complement. */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; - int f_st; /* currently unused */ int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ int repz_opt; /* optimize jumps within repz instructions */ @@ -8507,7 +8506,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); - dc->f_st = 0; dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; From c6ad6f44ed970fd5d531b1f030944d35d4fde246 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:12 -0500 Subject: [PATCH 20/50] target/i386: Reduce DisasContext.flags to uint32_t The value comes from tb->flags, which is uint32_t. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-21-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 7e296b39f55a..ca7f0a8cf463 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -105,7 +105,7 @@ typedef struct DisasContext { int jmp_opt; /* use direct block chaining for direct jumps */ int repz_opt; /* optimize jumps within repz instructions */ int mem_index; /* select memory access functions */ - uint64_t flags; /* all execution flags */ + uint32_t flags; /* all execution flags */ int popl_esp_hack; /* for correct popl with esp base handling */ int rip_offset; /* only used in x86_64, but left for simplicity */ int cpuid_features; From c651f3a3cbb595841933f2c170974b54152db35e Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:13 -0500 Subject: [PATCH 21/50] target/i386: Reduce DisasContext.override to int8_t The range of values is -1 (none) to 5 (R_GS). Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-22-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index ca7f0a8cf463..44a28858aa0c 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -77,7 +77,7 @@ typedef struct DisasContext { DisasContextBase base; /* current insn context */ - int override; /* -1 if no override */ + int8_t override; /* -1 if no override, else R_CS, R_DS, etc */ int prefix; MemOp aflag; MemOp dflag; From a8b9b657a0825dda1ce0f61f60543b44261239bf Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:14 -0500 Subject: [PATCH 22/50] target/i386: Reduce DisasContext.prefix to uint8_t The highest bit in this set is 0x40 (PREFIX_REX). Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-23-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 44a28858aa0c..61c0573c2f2a 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -78,7 +78,7 @@ typedef struct DisasContext { /* current insn context */ int8_t override; /* -1 if no override, else R_CS, R_DS, etc */ - int prefix; + uint8_t prefix; MemOp aflag; MemOp dflag; target_ulong pc_start; From a77ca425d741b9806a2d15afdc6ed53c85777f8f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:15 -0500 Subject: [PATCH 23/50] target/i386: Reduce DisasContext.vex_[lv] to uint8_t MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, vex_l is either {0,1}; if in the future we implement AVX-512, the max value will be 2. In vex_v we store a register number. This is 0-15 for SSE, and 0-31 for AVX-512. Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-24-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 61c0573c2f2a..1367e53e4e7d 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -97,8 +97,8 @@ typedef struct DisasContext { uint8_t rex_b; bool rex_w; #endif - int vex_l; /* vex vector length */ - int vex_v; /* vex vvvv register, without 1's complement. */ + uint8_t vex_l; /* vex vector length */ + uint8_t vex_v; /* vex vvvv register, without 1's complement. */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; int tf; /* TF cpu flag */ From 5862579473cffed0ced8d8ccd707673c5387a165 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:16 -0500 Subject: [PATCH 24/50] target/i386: Reduce DisasContext popl_esp_hack and rip_offset to uint8_t Both of these fields store the size of a single memory access, so the range of values is 0-8. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-25-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 1367e53e4e7d..847502046f46 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -106,8 +106,8 @@ typedef struct DisasContext { int repz_opt; /* optimize jumps within repz instructions */ int mem_index; /* select memory access functions */ uint32_t flags; /* all execution flags */ - int popl_esp_hack; /* for correct popl with esp base handling */ - int rip_offset; /* only used in x86_64, but left for simplicity */ + uint8_t popl_esp_hack; /* for correct popl with esp base handling */ + uint8_t rip_offset; /* only used in x86_64, but left for simplicity */ int cpuid_features; int cpuid_ext_features; int cpuid_ext2_features; From c1de1a1ace8812119aa3184932db25db60bb27dd Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:17 -0500 Subject: [PATCH 25/50] target/i386: Leave TF in DisasContext.flags It's just as easy to clear the flag with AND than assignment. In two cases the test for the bit can be folded together with the test for HF_INHIBIT_IRQ_MASK. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-26-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 847502046f46..3f6214c624f3 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -101,7 +101,6 @@ typedef struct DisasContext { uint8_t vex_v; /* vex vvvv register, without 1's complement. */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; - int tf; /* TF cpu flag */ int jmp_opt; /* use direct block chaining for direct jumps */ int repz_opt; /* optimize jumps within repz instructions */ int mem_index; /* select memory access functions */ @@ -2656,7 +2655,7 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr) } else if (recheck_tf) { gen_helper_rechecking_single_step(cpu_env); tcg_gen_exit_tb(NULL, 0); - } else if (s->tf) { + } else if (s->flags & HF_TF_MASK) { gen_helper_single_step(cpu_env); } else if (jr) { tcg_gen_lookup_and_goto_ptr(); @@ -5540,7 +5539,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (s->base.is_jmp) { gen_jmp_im(s, s->pc - s->cs_base); if (reg == R_SS) { - s->tf = 0; + s->flags &= ~HF_TF_MASK; gen_eob_inhibit_irq(s, true); } else { gen_eob(s); @@ -5606,7 +5605,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (s->base.is_jmp) { gen_jmp_im(s, s->pc - s->cs_base); if (reg == R_SS) { - s->tf = 0; + s->flags &= ~HF_TF_MASK; gen_eob_inhibit_irq(s, true); } else { gen_eob(s); @@ -8506,7 +8505,6 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); - dc->tf = (flags >> TF_SHIFT) & 1; dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; dc->popl_esp_hack = 0; @@ -8521,8 +8519,8 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX]; dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX]; dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; - dc->jmp_opt = !(dc->tf || dc->base.singlestep_enabled || - (flags & HF_INHIBIT_IRQ_MASK)); + dc->jmp_opt = !(dc->base.singlestep_enabled || + (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK))); /* Do not optimize repz jumps at all in icount mode, because rep movsS instructions are execured with different paths in !repz_opt and repz_opt modes. The first one was used @@ -8597,7 +8595,7 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) pc_next = disas_insn(dc, cpu); - if (dc->tf || (dc->base.tb->flags & HF_INHIBIT_IRQ_MASK)) { + if (dc->flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)) { /* if single step mode, we generate only one instruction and generate an exception */ /* if irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear From 305d08e51260b7d3a6a20c9399ba49f2235c2d25 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:18 -0500 Subject: [PATCH 26/50] target/i386: Reduce DisasContext jmp_opt, repz_opt to bool Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-27-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 3f6214c624f3..b9b94f06256a 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -101,8 +101,8 @@ typedef struct DisasContext { uint8_t vex_v; /* vex vvvv register, without 1's complement. */ CCOp cc_op; /* current CC operation */ bool cc_op_dirty; - int jmp_opt; /* use direct block chaining for direct jumps */ - int repz_opt; /* optimize jumps within repz instructions */ + bool jmp_opt; /* use direct block chaining for direct jumps */ + bool repz_opt; /* optimize jumps within repz instructions */ int mem_index; /* select memory access functions */ uint32_t flags; /* all execution flags */ uint8_t popl_esp_hack; /* for correct popl with esp base handling */ From 3236c2ade2335d9ff3ea53e60cec024863983d90 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:19 -0500 Subject: [PATCH 27/50] target/i386: Fix the comment for repz_opt After fixing a typo in the comment, fixup for CODING_STYLE. Signed-off-by: Richard Henderson Message-Id: <20210514151342.384376-28-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b9b94f06256a..226fb62ccb6f 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -8521,15 +8521,10 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; dc->jmp_opt = !(dc->base.singlestep_enabled || (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK))); - /* Do not optimize repz jumps at all in icount mode, because - rep movsS instructions are execured with different paths - in !repz_opt and repz_opt modes. The first one was used - always except single step mode. And this setting - disables jumps optimization and control paths become - equivalent in run and single step modes. - Now there will be no jump optimization for repz in - record/replay modes and there will always be an - additional step for ecx=0 when icount is enabled. + /* + * If jmp_opt, we want to handle each string instruction individually. + * For icount also disable repz optimization so that each iteration + * is accounted separately. */ dc->repz_opt = !dc->jmp_opt && !(tb_cflags(dc->base.tb) & CF_USE_ICOUNT); From a6f62100a8eb0092f613d974142d3789522530f4 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:20 -0500 Subject: [PATCH 28/50] target/i386: Reorder DisasContext members Sort all of the single-byte members to the same area of the structure, eliminating 8 bytes of padding. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-29-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 226fb62ccb6f..5c321b338eaa 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -76,20 +76,24 @@ static TCGv_i64 cpu_bndu[4]; typedef struct DisasContext { DisasContextBase base; - /* current insn context */ - int8_t override; /* -1 if no override, else R_CS, R_DS, etc */ - uint8_t prefix; + target_ulong pc; /* pc = eip + cs_base */ + target_ulong pc_start; /* pc at TB entry */ + target_ulong cs_base; /* base of CS segment */ + MemOp aflag; MemOp dflag; - target_ulong pc_start; - target_ulong pc; /* pc = eip + cs_base */ - /* current block context */ - target_ulong cs_base; /* base of CS segment */ + + int8_t override; /* -1 if no override, else R_CS, R_DS, etc */ + uint8_t prefix; #ifndef CONFIG_USER_ONLY uint8_t cpl; /* code priv level */ uint8_t iopl; /* i/o priv level */ #endif + uint8_t vex_l; /* vex vector length */ + uint8_t vex_v; /* vex vvvv register, without 1's complement. */ + uint8_t popl_esp_hack; /* for correct popl with esp base handling */ + uint8_t rip_offset; /* only used in x86_64, but left for simplicity */ #ifdef TARGET_X86_64 uint8_t rex_r; @@ -97,16 +101,13 @@ typedef struct DisasContext { uint8_t rex_b; bool rex_w; #endif - uint8_t vex_l; /* vex vector length */ - uint8_t vex_v; /* vex vvvv register, without 1's complement. */ - CCOp cc_op; /* current CC operation */ - bool cc_op_dirty; bool jmp_opt; /* use direct block chaining for direct jumps */ bool repz_opt; /* optimize jumps within repz instructions */ + bool cc_op_dirty; + + CCOp cc_op; /* current CC operation */ int mem_index; /* select memory access functions */ uint32_t flags; /* all execution flags */ - uint8_t popl_esp_hack; /* for correct popl with esp base handling */ - uint8_t rip_offset; /* only used in x86_64, but left for simplicity */ int cpuid_features; int cpuid_ext_features; int cpuid_ext2_features; From 9f55e5a947512fdf8f2c4f8ccdfa84efaac8960c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:21 -0500 Subject: [PATCH 29/50] target/i386: Add stub generator for helper_set_dr This removes an ifdef from the middle of disas_insn, and ensures that the branch is not reachable. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-30-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 5c321b338eaa..28eb0e8adf0c 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -179,6 +179,19 @@ typedef struct DisasContext { #define REX_B(S) 0 #endif +/* + * Many sysemu-only helpers are not reachable for user-only. + * Define stub generators here, so that we need not either sprinkle + * ifdefs through the translator, nor provide the helper function. + */ +#define STUB_HELPER(NAME, ...) \ + static inline void gen_helper_##NAME(__VA_ARGS__) \ + { qemu_build_not_reached(); } + +#ifdef CONFIG_USER_ONLY +STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) +#endif + static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s, TCGv dest); static void gen_jmp(DisasContext *s, target_ulong eip); @@ -8075,7 +8088,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x121: /* mov reg, drN */ case 0x123: /* mov drN, reg */ if (check_cpl0(s)) { -#ifndef CONFIG_USER_ONLY modrm = x86_ldub_code(env, s); /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). * AMD documentation (24594.pdf) and testing of @@ -8104,7 +8116,6 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_helper_get_dr(s->T0, cpu_env, s->tmp2_i32); gen_op_mov_reg_v(s, ot, rm, s->T0); } -#endif /* !CONFIG_USER_ONLY */ } break; case 0x106: /* clts */ From 5d2238896af628fc3f01dbe73be06fdd5603dedd Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:22 -0500 Subject: [PATCH 30/50] target/i386: Assert !SVME for user-only Most of the VMM instructions are already disabled for user-only, by being usable only from ring 0. The spec is intentionally loose for VMMCALL, allowing the VMM to define syscalls for user-only. However, we're not emulating any VMM, so VMMCALL can just raise #UD unconditionally. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20210514151342.384376-31-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 28eb0e8adf0c..235caa247b48 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -138,10 +138,12 @@ typedef struct DisasContext { #define PE(S) true #define CPL(S) 3 #define IOPL(S) 0 +#define SVME(S) false #else #define PE(S) (((S)->flags & HF_PE_MASK) != 0) #define CPL(S) ((S)->cpl) #define IOPL(S) ((S)->iopl) +#define SVME(S) (((S)->flags & HF_SVME_MASK) != 0) #endif #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) #define VM86(S) false @@ -7495,7 +7497,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xd8: /* VMRUN */ - if (!(s->flags & HF_SVME_MASK) || !PE(s)) { + if (!SVME(s) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7510,7 +7512,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xd9: /* VMMCALL */ - if (!(s->flags & HF_SVME_MASK)) { + if (!SVME(s)) { goto illegal_op; } gen_update_cc_op(s); @@ -7519,7 +7521,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xda: /* VMLOAD */ - if (!(s->flags & HF_SVME_MASK) || !PE(s)) { + if (!SVME(s) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7531,7 +7533,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdb: /* VMSAVE */ - if (!(s->flags & HF_SVME_MASK) || !PE(s)) { + if (!SVME(s) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7543,8 +7545,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdc: /* STGI */ - if ((!(s->flags & HF_SVME_MASK) - && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) + if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) || !PE(s)) { goto illegal_op; } @@ -7558,7 +7559,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdd: /* CLGI */ - if (!(s->flags & HF_SVME_MASK) || !PE(s)) { + if (!SVME(s) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -7570,8 +7571,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xde: /* SKINIT */ - if ((!(s->flags & HF_SVME_MASK) - && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) + if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) || !PE(s)) { goto illegal_op; } @@ -7581,7 +7581,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0xdf: /* INVLPGA */ - if (!(s->flags & HF_SVME_MASK) || !PE(s)) { + if (!SVME(s) || !PE(s)) { goto illegal_op; } if (!check_cpl0(s)) { @@ -8516,6 +8516,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); + g_assert(SVME(dc) == ((flags & HF_SVME_MASK) != 0)); dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; From b322b3afc1b18ab0f48a3a3b16a252842689ccda Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:23 -0500 Subject: [PATCH 31/50] target/i386: Assert !GUEST for user-only For user-only, we do not need to check for VMM intercept. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-32-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 235caa247b48..200d205d7e66 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -139,11 +139,13 @@ typedef struct DisasContext { #define CPL(S) 3 #define IOPL(S) 0 #define SVME(S) false +#define GUEST(S) false #else #define PE(S) (((S)->flags & HF_PE_MASK) != 0) #define CPL(S) ((S)->cpl) #define IOPL(S) ((S)->iopl) #define SVME(S) (((S)->flags & HF_SVME_MASK) != 0) +#define GUEST(S) (((S)->flags & HF_GUEST_MASK) != 0) #endif #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) #define VM86(S) false @@ -677,7 +679,7 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, tcg_abort(); } } - if(s->flags & HF_GUEST_MASK) { + if (GUEST(s)) { gen_update_cc_op(s); gen_jmp_im(s, cur_eip); svm_flags |= (1 << (4 + ot)); @@ -2417,8 +2419,9 @@ gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start, uint32_t type, uint64_t param) { /* no SVM activated; fast case */ - if (likely(!(s->flags & HF_GUEST_MASK))) + if (likely(!GUEST(s))) { return; + } gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type), @@ -8517,6 +8520,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); g_assert(SVME(dc) == ((flags & HF_SVME_MASK) != 0)); + g_assert(GUEST(dc) == ((flags & HF_GUEST_MASK) != 0)); dc->cc_op = CC_OP_DYNAMIC; dc->cc_op_dirty = false; From e6aeb948bb7f189a9c17081e69ce39df85feae7f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:24 -0500 Subject: [PATCH 32/50] target/i386: Implement skinit in translate.c Our sysemu implementation is a stub. We can already intercept instructions for vmexit, and raising #UD is trivial. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-33-richard.henderson@linaro.org> --- target/i386/helper.h | 1 - target/i386/tcg/sysemu/svm_helper.c | 7 ------- target/i386/tcg/translate.c | 7 +++---- target/i386/tcg/user/svm_stubs.c | 4 ---- 4 files changed, 3 insertions(+), 16 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 095520f81faa..7a09efd55bbc 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -117,7 +117,6 @@ DEF_HELPER_2(vmload, void, env, int) DEF_HELPER_2(vmsave, void, env, int) DEF_HELPER_1(stgi, void, env) DEF_HELPER_1(clgi, void, env) -DEF_HELPER_1(skinit, void, env) DEF_HELPER_2(invlpga, void, env, int) /* x86 FPU */ diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c index c4e8e717a936..79c73d67afba 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -412,13 +412,6 @@ void helper_clgi(CPUX86State *env) env->hflags2 &= ~HF2_GIF_MASK; } -void helper_skinit(CPUX86State *env) -{ - cpu_svm_check_intercept_param(env, SVM_EXIT_SKINIT, 0, GETPC()); - /* XXX: not implemented */ - raise_exception(env, EXCP06_ILLOP); -} - void helper_invlpga(CPUX86State *env, int aflag) { X86CPU *cpu = env_archcpu(env); diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 200d205d7e66..f7f84f79fe27 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -7578,10 +7578,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) || !PE(s)) { goto illegal_op; } - gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_skinit(cpu_env); - break; + gen_svm_check_intercept(s, pc_start, SVM_EXIT_SKINIT); + /* If not intercepted, not implemented -- raise #UD. */ + goto illegal_op; case 0xdf: /* INVLPGA */ if (!SVME(s) || !PE(s)) { diff --git a/target/i386/tcg/user/svm_stubs.c b/target/i386/tcg/user/svm_stubs.c index 97528b56ad41..63b37f0de669 100644 --- a/target/i386/tcg/user/svm_stubs.c +++ b/target/i386/tcg/user/svm_stubs.c @@ -46,10 +46,6 @@ void helper_clgi(CPUX86State *env) { } -void helper_skinit(CPUX86State *env) -{ -} - void helper_invlpga(CPUX86State *env, int aflag) { } From 8d6806c7dd44f8d8423d0cf0fb9de21ef0501cbe Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:25 -0500 Subject: [PATCH 33/50] target/i386: Eliminate SVM helpers for user-only Use STUB_HELPER to ensure that such calls are always eliminated. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-34-richard.henderson@linaro.org> --- target/i386/helper.h | 3 +-- target/i386/tcg/translate.c | 9 ++++++++ target/i386/tcg/user/svm_stubs.c | 38 -------------------------------- 3 files changed, 10 insertions(+), 40 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 7a09efd55bbc..d0f7f07c6c2a 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -107,8 +107,6 @@ DEF_HELPER_2(inl, tl, env, i32) #ifndef CONFIG_USER_ONLY DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl) -#endif /* !CONFIG_USER_ONLY */ - DEF_HELPER_3(svm_check_intercept_param, void, env, i32, i64) DEF_HELPER_4(svm_check_io, void, env, i32, i32, i32) DEF_HELPER_3(vmrun, void, env, int, int) @@ -118,6 +116,7 @@ DEF_HELPER_2(vmsave, void, env, int) DEF_HELPER_1(stgi, void, env) DEF_HELPER_1(clgi, void, env) DEF_HELPER_2(invlpga, void, env, int) +#endif /* !CONFIG_USER_ONLY */ /* x86 FPU */ diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index f7f84f79fe27..b2a997fb30a4 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -193,7 +193,16 @@ typedef struct DisasContext { { qemu_build_not_reached(); } #ifdef CONFIG_USER_ONLY +STUB_HELPER(clgi, TCGv_env env) +STUB_HELPER(invlpga, TCGv_env env, TCGv_i32 aflag) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) +STUB_HELPER(stgi, TCGv_env env) +STUB_HELPER(svm_check_intercept_param, TCGv_env env, TCGv_i32 t, TCGv_i64 p) +STUB_HELPER(svm_check_io, TCGv_env env, TCGv_i32 port, TCGv_i32 p, TCGv_i32 a) +STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) +STUB_HELPER(vmmcall, TCGv_env env) +STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs) +STUB_HELPER(vmsave, TCGv_env env, TCGv_i32 aflag) #endif static void gen_eob(DisasContext *s); diff --git a/target/i386/tcg/user/svm_stubs.c b/target/i386/tcg/user/svm_stubs.c index 63b37f0de669..48a43bdcea28 100644 --- a/target/i386/tcg/user/svm_stubs.c +++ b/target/i386/tcg/user/svm_stubs.c @@ -22,51 +22,13 @@ #include "exec/helper-proto.h" #include "tcg/helper-tcg.h" -void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) -{ -} - -void helper_vmmcall(CPUX86State *env) -{ -} - -void helper_vmload(CPUX86State *env, int aflag) -{ -} - -void helper_vmsave(CPUX86State *env, int aflag) -{ -} - -void helper_stgi(CPUX86State *env) -{ -} - -void helper_clgi(CPUX86State *env) -{ -} - -void helper_invlpga(CPUX86State *env, int aflag) -{ -} - void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1, uintptr_t retaddr) { assert(0); } -void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type, - uint64_t param) -{ -} - void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type, uint64_t param, uintptr_t retaddr) { } - -void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param, - uint32_t next_eip_addend) -{ -} From b82055aece019636c8f1c1b0e199066a0270c6c1 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:26 -0500 Subject: [PATCH 34/50] target/i386: Mark some helpers as noreturn Any helper that always raises an exception or interrupt, or simply exits to the main loop, can be so marked. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-35-richard.henderson@linaro.org> --- target/i386/helper.h | 18 +++++++++--------- target/i386/tcg/bpt_helper.c | 2 +- target/i386/tcg/excp_helper.c | 18 ++++++++++-------- target/i386/tcg/misc_helper.c | 14 +++++++------- target/i386/tcg/translate.c | 3 ++- 5 files changed, 29 insertions(+), 26 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index d0f7f07c6c2a..f794d1c7c706 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -60,14 +60,14 @@ DEF_HELPER_2(sysexit, void, env, int) DEF_HELPER_2(syscall, void, env, int) DEF_HELPER_2(sysret, void, env, int) #endif -DEF_HELPER_2(hlt, void, env, int) -DEF_HELPER_2(monitor, void, env, tl) -DEF_HELPER_2(mwait, void, env, int) -DEF_HELPER_2(pause, void, env, int) -DEF_HELPER_1(debug, void, env) +DEF_HELPER_FLAGS_2(hlt, TCG_CALL_NO_WG, noreturn, env, int) +DEF_HELPER_FLAGS_2(monitor, TCG_CALL_NO_WG, void, env, tl) +DEF_HELPER_FLAGS_2(mwait, TCG_CALL_NO_WG, noreturn, env, int) +DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int) +DEF_HELPER_FLAGS_1(debug, TCG_CALL_NO_WG, noreturn, env) DEF_HELPER_1(reset_rf, void, env) -DEF_HELPER_3(raise_interrupt, void, env, int, int) -DEF_HELPER_2(raise_exception, void, env, int) +DEF_HELPER_FLAGS_3(raise_interrupt, TCG_CALL_NO_WG, noreturn, env, int, int) +DEF_HELPER_FLAGS_2(raise_exception, TCG_CALL_NO_WG, noreturn, env, int) DEF_HELPER_1(cli, void, env) DEF_HELPER_1(sti, void, env) DEF_HELPER_1(clac, void, env) @@ -86,12 +86,12 @@ DEF_HELPER_2(cmpxchg8b, void, env, tl) DEF_HELPER_2(cmpxchg16b_unlocked, void, env, tl) DEF_HELPER_2(cmpxchg16b, void, env, tl) #endif -DEF_HELPER_1(single_step, void, env) +DEF_HELPER_FLAGS_1(single_step, TCG_CALL_NO_WG, noreturn, env) DEF_HELPER_1(rechecking_single_step, void, env) DEF_HELPER_1(cpuid, void, env) DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) -DEF_HELPER_1(rdpmc, void, env) +DEF_HELPER_FLAGS_1(rdpmc, TCG_CALL_NO_WG, noreturn, env) DEF_HELPER_1(rdmsr, void, env) DEF_HELPER_1(wrmsr, void, env) diff --git a/target/i386/tcg/bpt_helper.c b/target/i386/tcg/bpt_helper.c index fb2a65ac9c78..83cd89581ed9 100644 --- a/target/i386/tcg/bpt_helper.c +++ b/target/i386/tcg/bpt_helper.c @@ -22,7 +22,7 @@ #include "exec/helper-proto.h" #include "helper-tcg.h" -void helper_single_step(CPUX86State *env) +void QEMU_NORETURN helper_single_step(CPUX86State *env) { #ifndef CONFIG_USER_ONLY check_hw_breakpoints(env, true); diff --git a/target/i386/tcg/excp_helper.c b/target/i386/tcg/excp_helper.c index 0183f3932e91..bdae887d0abc 100644 --- a/target/i386/tcg/excp_helper.c +++ b/target/i386/tcg/excp_helper.c @@ -25,12 +25,13 @@ #include "exec/helper-proto.h" #include "helper-tcg.h" -void helper_raise_interrupt(CPUX86State *env, int intno, int next_eip_addend) +void QEMU_NORETURN helper_raise_interrupt(CPUX86State *env, int intno, + int next_eip_addend) { raise_interrupt(env, intno, 1, 0, next_eip_addend); } -void helper_raise_exception(CPUX86State *env, int exception_index) +void QEMU_NORETURN helper_raise_exception(CPUX86State *env, int exception_index) { raise_exception(env, exception_index); } @@ -116,24 +117,25 @@ void QEMU_NORETURN raise_interrupt(CPUX86State *env, int intno, int is_int, raise_interrupt2(env, intno, is_int, error_code, next_eip_addend, 0); } -void raise_exception_err(CPUX86State *env, int exception_index, - int error_code) +void QEMU_NORETURN raise_exception_err(CPUX86State *env, int exception_index, + int error_code) { raise_interrupt2(env, exception_index, 0, error_code, 0, 0); } -void raise_exception_err_ra(CPUX86State *env, int exception_index, - int error_code, uintptr_t retaddr) +void QEMU_NORETURN raise_exception_err_ra(CPUX86State *env, int exception_index, + int error_code, uintptr_t retaddr) { raise_interrupt2(env, exception_index, 0, error_code, 0, retaddr); } -void raise_exception(CPUX86State *env, int exception_index) +void QEMU_NORETURN raise_exception(CPUX86State *env, int exception_index) { raise_interrupt2(env, exception_index, 0, 0, 0, 0); } -void raise_exception_ra(CPUX86State *env, int exception_index, uintptr_t retaddr) +void QEMU_NORETURN raise_exception_ra(CPUX86State *env, int exception_index, + uintptr_t retaddr) { raise_interrupt2(env, exception_index, 0, 0, 0, retaddr); } diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c index a30379283eab..0e9a4f0bfcda 100644 --- a/target/i386/tcg/misc_helper.c +++ b/target/i386/tcg/misc_helper.c @@ -96,7 +96,7 @@ void helper_rdtscp(CPUX86State *env) env->regs[R_ECX] = (uint32_t)(env->tsc_aux); } -void helper_rdpmc(CPUX86State *env) +void QEMU_NORETURN helper_rdpmc(CPUX86State *env) { if (((env->cr[4] & CR4_PCE_MASK) == 0 ) && ((env->hflags & HF_CPL_MASK) != 0)) { @@ -109,7 +109,7 @@ void helper_rdpmc(CPUX86State *env) raise_exception_err(env, EXCP06_ILLOP, 0); } -static void do_pause(X86CPU *cpu) +static QEMU_NORETURN void do_pause(X86CPU *cpu) { CPUState *cs = CPU(cpu); @@ -118,7 +118,7 @@ static void do_pause(X86CPU *cpu) cpu_loop_exit(cs); } -static void do_hlt(X86CPU *cpu) +static QEMU_NORETURN void do_hlt(X86CPU *cpu) { CPUState *cs = CPU(cpu); CPUX86State *env = &cpu->env; @@ -129,7 +129,7 @@ static void do_hlt(X86CPU *cpu) cpu_loop_exit(cs); } -void helper_hlt(CPUX86State *env, int next_eip_addend) +void QEMU_NORETURN helper_hlt(CPUX86State *env, int next_eip_addend) { X86CPU *cpu = env_archcpu(env); @@ -148,7 +148,7 @@ void helper_monitor(CPUX86State *env, target_ulong ptr) cpu_svm_check_intercept_param(env, SVM_EXIT_MONITOR, 0, GETPC()); } -void helper_mwait(CPUX86State *env, int next_eip_addend) +void QEMU_NORETURN helper_mwait(CPUX86State *env, int next_eip_addend) { CPUState *cs = env_cpu(env); X86CPU *cpu = env_archcpu(env); @@ -167,7 +167,7 @@ void helper_mwait(CPUX86State *env, int next_eip_addend) } } -void helper_pause(CPUX86State *env, int next_eip_addend) +void QEMU_NORETURN helper_pause(CPUX86State *env, int next_eip_addend) { X86CPU *cpu = env_archcpu(env); @@ -177,7 +177,7 @@ void helper_pause(CPUX86State *env, int next_eip_addend) do_pause(cpu); } -void helper_debug(CPUX86State *env) +void QEMU_NORETURN helper_debug(CPUX86State *env) { CPUState *cs = env_cpu(env); diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b2a997fb30a4..c1d4d58c615e 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -7282,6 +7282,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_rdpmc(cpu_env); + s->base.is_jmp = DISAS_NORETURN; break; case 0x134: /* sysenter */ /* For Intel SYSENTER is valid on 64-bit */ @@ -7443,7 +7444,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start)); - gen_eob(s); + s->base.is_jmp = DISAS_NORETURN; break; case 0xca: /* clac */ From ed3c4739e99569bc9b473c9ca72503502fdf043e Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:27 -0500 Subject: [PATCH 35/50] target/i386: Simplify gen_debug usage Both invocations pass the start of the current instruction, which is available as s->base.pc_next. The function sets is_jmp, so we can eliminate a second setting. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-36-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index c1d4d58c615e..36e38ebebfc3 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2614,10 +2614,10 @@ static void gen_interrupt(DisasContext *s, int intno, s->base.is_jmp = DISAS_NORETURN; } -static void gen_debug(DisasContext *s, target_ulong cur_eip) +static void gen_debug(DisasContext *s) { gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_debug(cpu_env); s->base.is_jmp = DISAS_NORETURN; } @@ -7152,7 +7152,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) #ifdef WANT_ICEBP case 0xf1: /* icebp (undocumented, exits to external debugger) */ gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP); - gen_debug(s, pc_start - s->cs_base); + gen_debug(s); break; #endif case 0xfa: /* cli */ @@ -8586,8 +8586,7 @@ static bool i386_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu, /* If RF is set, suppress an internally generated breakpoint. */ int flags = dc->base.tb->flags & HF_RF_MASK ? BP_GDB : BP_ANY; if (bp->flags & flags) { - gen_debug(dc, dc->base.pc_next - dc->cs_base); - dc->base.is_jmp = DISAS_NORETURN; + gen_debug(dc); /* The address covered by the breakpoint must be included in [tb->pc, tb->pc + tb->size) in order to for it to be properly cleared -- thus we increment the PC here so that From d051ea04d024880475e082e876e497f669bb3e4e Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:28 -0500 Subject: [PATCH 36/50] target/i386: Tidy svm_check_intercept from tcg The param argument to helper_svm_check_intercept_param is always 0; eliminate it and rename to helper_svm_check_intercept. Fold gen_svm_check_intercept_param into gen_svm_check_intercept. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-37-richard.henderson@linaro.org> --- target/i386/helper.h | 2 +- target/i386/tcg/sysemu/svm_helper.c | 5 ++--- target/i386/tcg/translate.c | 16 ++++------------ 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index f794d1c7c706..86484a4ec49b 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -107,7 +107,7 @@ DEF_HELPER_2(inl, tl, env, i32) #ifndef CONFIG_USER_ONLY DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl) -DEF_HELPER_3(svm_check_intercept_param, void, env, i32, i64) +DEF_HELPER_2(svm_check_intercept, void, env, i32) DEF_HELPER_4(svm_check_io, void, env, i32, i32, i32) DEF_HELPER_3(vmrun, void, env, int, int) DEF_HELPER_1(vmmcall, void, env) diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c index 79c73d67afba..b431016e722c 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -506,10 +506,9 @@ void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type, } } -void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type, - uint64_t param) +void helper_svm_check_intercept(CPUX86State *env, uint32_t type) { - cpu_svm_check_intercept_param(env, type, param, GETPC()); + cpu_svm_check_intercept_param(env, type, 0, GETPC()); } void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param, diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 36e38ebebfc3..ad2e6cdd8c8b 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -197,7 +197,7 @@ STUB_HELPER(clgi, TCGv_env env) STUB_HELPER(invlpga, TCGv_env env, TCGv_i32 aflag) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) -STUB_HELPER(svm_check_intercept_param, TCGv_env env, TCGv_i32 t, TCGv_i64 p) +STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) STUB_HELPER(svm_check_io, TCGv_env env, TCGv_i32 port, TCGv_i32 p, TCGv_i32 a) STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) STUB_HELPER(vmmcall, TCGv_env env) @@ -2423,9 +2423,8 @@ static inline int svm_is_rep(int prefixes) return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0); } -static inline void -gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start, - uint32_t type, uint64_t param) +static void gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, + uint32_t type) { /* no SVM activated; fast case */ if (likely(!GUEST(s))) { @@ -2433,14 +2432,7 @@ gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start, } gen_update_cc_op(s); gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type), - tcg_const_i64(param)); -} - -static inline void -gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, uint64_t type) -{ - gen_svm_check_intercept_param(s, pc_start, type, 0); + gen_helper_svm_check_intercept(cpu_env, tcg_constant_i32(type)); } static inline void gen_stack_update(DisasContext *s, int addend) From b53605dbd210c806809d3acb698226ec5de11378 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:29 -0500 Subject: [PATCH 37/50] target/i386: Remove pc_start argument to gen_svm_check_intercept When exiting helper_svm_check_intercept via exception, cpu_vmexit calls cpu_restore_state, which will recover eip and cc_op via unwind. Therefore we do not need to store eip or cc_op before the call. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-38-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 45 +++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index ad2e6cdd8c8b..3844c0342ea2 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2423,15 +2423,12 @@ static inline int svm_is_rep(int prefixes) return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0); } -static void gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, - uint32_t type) +static void gen_svm_check_intercept(DisasContext *s, uint32_t type) { /* no SVM activated; fast case */ if (likely(!GUEST(s))) { return; } - gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); gen_helper_svm_check_intercept(cpu_env, tcg_constant_i32(type)); } @@ -6639,7 +6636,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) val = 0; goto do_lret; case 0xcf: /* iret */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET); + gen_svm_check_intercept(s, SVM_EXIT_IRET); if (!PE(s) || VM86(s)) { /* real mode or vm86 mode */ if (!check_vm86_iopl(s)) { @@ -6761,7 +6758,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) /************************/ /* flags */ case 0x9c: /* pushf */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF); + gen_svm_check_intercept(s, SVM_EXIT_PUSHF); if (check_vm86_iopl(s)) { gen_update_cc_op(s); gen_helper_read_eflags(s->T0, cpu_env); @@ -6769,7 +6766,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } break; case 0x9d: /* popf */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF); + gen_svm_check_intercept(s, SVM_EXIT_POPF); if (check_vm86_iopl(s)) { ot = gen_pop_T0(s); if (CPL(s) == 0) { @@ -7143,7 +7140,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; #ifdef WANT_ICEBP case 0xf1: /* icebp (undocumented, exits to external debugger) */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP); + gen_svm_check_intercept(s, SVM_EXIT_ICEBP); gen_debug(s); break; #endif @@ -7347,7 +7344,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0: /* sldt */ if (!PE(s) || VM86(s)) goto illegal_op; - gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ); + gen_svm_check_intercept(s, SVM_EXIT_LDTR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, ldt.selector)); ot = mod == 3 ? dflag : MO_16; @@ -7357,7 +7354,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!PE(s) || VM86(s)) goto illegal_op; if (check_cpl0(s)) { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE); + gen_svm_check_intercept(s, SVM_EXIT_LDTR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_lldt(cpu_env, s->tmp2_i32); @@ -7366,7 +7363,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 1: /* str */ if (!PE(s) || VM86(s)) goto illegal_op; - gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ); + gen_svm_check_intercept(s, SVM_EXIT_TR_READ); tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, tr.selector)); ot = mod == 3 ? dflag : MO_16; @@ -7376,7 +7373,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!PE(s) || VM86(s)) goto illegal_op; if (check_cpl0(s)) { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE); + gen_svm_check_intercept(s, SVM_EXIT_TR_WRITE); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_ltr(cpu_env, s->tmp2_i32); @@ -7404,7 +7401,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) modrm = x86_ldub_code(env, s); switch (modrm) { CASE_MODRM_MEM_OP(0): /* sgdt */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_READ); + gen_svm_check_intercept(s, SVM_EXIT_GDTR_READ); gen_lea_modrm(env, s, modrm); tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.limit)); @@ -7460,7 +7457,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_MEM_OP(1): /* sidt */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_READ); + gen_svm_check_intercept(s, SVM_EXIT_IDTR_READ); gen_lea_modrm(env, s, modrm); tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.limit)); gen_op_st_v(s, MO_16, s->T0, s->A0); @@ -7580,7 +7577,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) || !PE(s)) { goto illegal_op; } - gen_svm_check_intercept(s, pc_start, SVM_EXIT_SKINIT); + gen_svm_check_intercept(s, SVM_EXIT_SKINIT); /* If not intercepted, not implemented -- raise #UD. */ goto illegal_op; @@ -7600,7 +7597,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!check_cpl0(s)) { break; } - gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_WRITE); + gen_svm_check_intercept(s, SVM_EXIT_GDTR_WRITE); gen_lea_modrm(env, s, modrm); gen_op_ld_v(s, MO_16, s->T1, s->A0); gen_add_A0_im(s, 2); @@ -7616,7 +7613,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!check_cpl0(s)) { break; } - gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_WRITE); + gen_svm_check_intercept(s, SVM_EXIT_IDTR_WRITE); gen_lea_modrm(env, s, modrm); gen_op_ld_v(s, MO_16, s->T1, s->A0); gen_add_A0_im(s, 2); @@ -7629,7 +7626,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; CASE_MODRM_OP(4): /* smsw */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_CR0); + gen_svm_check_intercept(s, SVM_EXIT_READ_CR0); tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, cr[0])); /* * In 32-bit mode, the higher 16 bits of the destination @@ -7661,7 +7658,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!check_cpl0(s)) { break; } - gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); + gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); gen_helper_lmsw(cpu_env, s->T0); gen_jmp_im(s, s->pc - s->cs_base); @@ -7718,7 +7715,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x108: /* invd */ case 0x109: /* wbinvd */ if (check_cpl0(s)) { - gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD); + gen_svm_check_intercept(s, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD); /* nothing to do */ } break; @@ -8108,14 +8105,14 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (b & 2) { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_DR0 + reg); + gen_svm_check_intercept(s, SVM_EXIT_WRITE_DR0 + reg); gen_op_mov_v_reg(s, ot, s->T0, rm); tcg_gen_movi_i32(s->tmp2_i32, reg); gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0); gen_jmp_im(s, s->pc - s->cs_base); gen_eob(s); } else { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_DR0 + reg); + gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); tcg_gen_movi_i32(s->tmp2_i32, reg); gen_helper_get_dr(s->T0, cpu_env, s->tmp2_i32); gen_op_mov_reg_v(s, ot, rm, s->T0); @@ -8124,7 +8121,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x106: /* clts */ if (check_cpl0(s)) { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0); + gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); gen_helper_clts(cpu_env); /* abort block because static cpu state changed */ gen_jmp_im(s, s->pc - s->cs_base); @@ -8351,7 +8348,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_nop_modrm(env, s, modrm); break; case 0x1aa: /* rsm */ - gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM); + gen_svm_check_intercept(s, SVM_EXIT_RSM); if (!(s->flags & HF_SMM_MASK)) goto illegal_op; #ifdef CONFIG_USER_ONLY From 3d4fce8b8e7f9f8b898b46500d29279e965cb646 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:30 -0500 Subject: [PATCH 38/50] target/i386: Remove user stub for cpu_vmexit This function is only called from tcg/sysemu/. There is no need for a stub in tcg/user/. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-39-richard.henderson@linaro.org> --- target/i386/tcg/helper-tcg.h | 4 +++- target/i386/tcg/user/svm_stubs.c | 6 ------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h index 97fb7a226a0c..85a8b0ebd672 100644 --- a/target/i386/tcg/helper-tcg.h +++ b/target/i386/tcg/helper-tcg.h @@ -77,10 +77,12 @@ extern const uint8_t parity_table[256]; /* misc_helper.c */ void cpu_load_eflags(CPUX86State *env, int eflags, int update_mask); -/* svm_helper.c */ +/* sysemu/svm_helper.c */ +#ifndef CONFIG_USER_ONLY void QEMU_NORETURN cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1, uintptr_t retaddr); void do_vmexit(CPUX86State *env); +#endif /* seg_helper.c */ void do_interrupt_x86_hardirq(CPUX86State *env, int intno, int is_hw); diff --git a/target/i386/tcg/user/svm_stubs.c b/target/i386/tcg/user/svm_stubs.c index 48a43bdcea28..db818f89a878 100644 --- a/target/i386/tcg/user/svm_stubs.c +++ b/target/i386/tcg/user/svm_stubs.c @@ -22,12 +22,6 @@ #include "exec/helper-proto.h" #include "tcg/helper-tcg.h" -void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1, - uintptr_t retaddr) -{ - assert(0); -} - void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type, uint64_t param, uintptr_t retaddr) { From 7eff2e7c652304157f503f2d406193bb9de10d58 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:31 -0500 Subject: [PATCH 39/50] target/i386: Cleanup read_crN, write_crN, lmsw Pull the svm intercept check into the translator. Pull the entire implementation of lmsw into the translator. Push the check for CR8LEG into the regno validation switch. Unify the gen_io_start check between read/write. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20210514151342.384376-40-richard.henderson@linaro.org> --- target/i386/helper.h | 5 +- target/i386/tcg/misc_helper.c | 8 --- target/i386/tcg/sysemu/misc_helper.c | 2 - target/i386/tcg/translate.c | 97 +++++++++++++++------------- 4 files changed, 54 insertions(+), 58 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 86484a4ec49b..ebfaca66dd5e 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -42,9 +42,8 @@ DEF_HELPER_5(lcall_protected, void, env, int, tl, int, tl) DEF_HELPER_2(iret_real, void, env, int) DEF_HELPER_3(iret_protected, void, env, int, int) DEF_HELPER_3(lret_protected, void, env, int, int) -DEF_HELPER_2(read_crN, tl, env, int) -DEF_HELPER_3(write_crN, void, env, int, tl) -DEF_HELPER_2(lmsw, void, env, tl) +DEF_HELPER_FLAGS_2(read_crN, TCG_CALL_NO_RWG, tl, env, int) +DEF_HELPER_FLAGS_3(write_crN, TCG_CALL_NO_RWG, void, env, int, tl) DEF_HELPER_1(clts, void, env) #ifndef CONFIG_USER_ONLY diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c index 0e9a4f0bfcda..931dbd9db0cb 100644 --- a/target/i386/tcg/misc_helper.c +++ b/target/i386/tcg/misc_helper.c @@ -60,14 +60,6 @@ void helper_cpuid(CPUX86State *env) env->regs[R_EDX] = edx; } -void helper_lmsw(CPUX86State *env, target_ulong t0) -{ - /* only 4 lower bits of CR0 are modified. PE cannot be set to zero - if already set to one. */ - t0 = (env->cr[0] & ~0xe) | (t0 & 0xf); - helper_write_crN(env, 0, t0); -} - void helper_invlpg(CPUX86State *env, target_ulong addr) { X86CPU *cpu = env_archcpu(env); diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c index 66e7939537f6..c7381ef7e80e 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -65,7 +65,6 @@ target_ulong helper_read_crN(CPUX86State *env, int reg) { target_ulong val; - cpu_svm_check_intercept_param(env, SVM_EXIT_READ_CR0 + reg, 0, GETPC()); switch (reg) { default: val = env->cr[reg]; @@ -83,7 +82,6 @@ target_ulong helper_read_crN(CPUX86State *env, int reg) void helper_write_crN(CPUX86State *env, int reg, target_ulong t0) { - cpu_svm_check_intercept_param(env, SVM_EXIT_WRITE_CR0 + reg, 0, GETPC()); switch (reg) { case 0: cpu_x86_update_cr0(env, t0); diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 3844c0342ea2..14a44a00ca88 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -7654,13 +7654,22 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); gen_helper_wrpkru(cpu_env, s->tmp2_i32, s->tmp1_i64); break; + CASE_MODRM_OP(6): /* lmsw */ if (!check_cpl0(s)) { break; } gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); - gen_helper_lmsw(cpu_env, s->T0); + /* + * Only the 4 lower bits of CR0 are modified. + * PE cannot be set to zero if already set to one. + */ + tcg_gen_ld_tl(s->T1, cpu_env, offsetof(CPUX86State, cr[0])); + tcg_gen_andi_tl(s->T0, s->T0, 0xf); + tcg_gen_andi_tl(s->T1, s->T1, ~0xe); + tcg_gen_or_tl(s->T0, s->T0, s->T1); + gen_helper_write_crN(cpu_env, tcg_constant_i32(0), s->T0); gen_jmp_im(s, s->pc - s->cs_base); gen_eob(s); break; @@ -8034,58 +8043,56 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) modrm = x86_ldub_code(env, s); gen_nop_modrm(env, s, modrm); break; + case 0x120: /* mov reg, crN */ case 0x122: /* mov crN, reg */ - if (check_cpl0(s)) { - modrm = x86_ldub_code(env, s); - /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). - * AMD documentation (24594.pdf) and testing of - * intel 386 and 486 processors all show that the mod bits - * are assumed to be 1's, regardless of actual values. - */ - rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | REX_R(s); - if (CODE64(s)) - ot = MO_64; - else - ot = MO_32; - if ((prefixes & PREFIX_LOCK) && (reg == 0) && + if (!check_cpl0(s)) { + break; + } + modrm = x86_ldub_code(env, s); + /* + * Ignore the mod bits (assume (modrm&0xc0)==0xc0). + * AMD documentation (24594.pdf) and testing of Intel 386 and 486 + * processors all show that the mod bits are assumed to be 1's, + * regardless of actual values. + */ + rm = (modrm & 7) | REX_B(s); + reg = ((modrm >> 3) & 7) | REX_R(s); + switch (reg) { + case 0: + if ((prefixes & PREFIX_LOCK) && (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { reg = 8; } - switch(reg) { - case 0: - case 2: - case 3: - case 4: - case 8: - gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - if (b & 2) { - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_io_start(); - } - gen_op_mov_v_reg(s, ot, s->T0, rm); - gen_helper_write_crN(cpu_env, tcg_const_i32(reg), - s->T0); - gen_jmp_im(s, s->pc - s->cs_base); - gen_eob(s); - } else { - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_io_start(); - } - gen_helper_read_crN(s->T0, cpu_env, tcg_const_i32(reg)); - gen_op_mov_reg_v(s, ot, rm, s->T0); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } - } - break; - default: - goto unknown_op; + break; + case 2: + case 3: + case 4: + break; + default: + goto unknown_op; + } + ot = (CODE64(s) ? MO_64 : MO_32); + + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_start(); + } + if (b & 2) { + gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); + gen_op_mov_v_reg(s, ot, s->T0, rm); + gen_helper_write_crN(cpu_env, tcg_constant_i32(reg), s->T0); + gen_jmp_im(s, s->pc - s->cs_base); + gen_eob(s); + } else { + gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); + gen_helper_read_crN(s->T0, cpu_env, tcg_constant_i32(reg)); + gen_op_mov_reg_v(s, ot, rm, s->T0); + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_jmp(s, s->pc - s->cs_base); } } break; + case 0x121: /* mov reg, drN */ case 0x123: /* mov drN, reg */ if (check_cpl0(s)) { From eb26784fe128d1369056bd708c89c2c327b333e9 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:32 -0500 Subject: [PATCH 40/50] target/i386: Pass env to do_pause and do_hlt Having the callers upcast to X86CPU is a waste, since we don't need it. We even have to recover env in do_hlt. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-41-richard.henderson@linaro.org> --- target/i386/tcg/misc_helper.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c index 931dbd9db0cb..23287b330e97 100644 --- a/target/i386/tcg/misc_helper.c +++ b/target/i386/tcg/misc_helper.c @@ -101,19 +101,18 @@ void QEMU_NORETURN helper_rdpmc(CPUX86State *env) raise_exception_err(env, EXCP06_ILLOP, 0); } -static QEMU_NORETURN void do_pause(X86CPU *cpu) +static void QEMU_NORETURN do_pause(CPUX86State *env) { - CPUState *cs = CPU(cpu); + CPUState *cs = env_cpu(env); /* Just let another CPU run. */ cs->exception_index = EXCP_INTERRUPT; cpu_loop_exit(cs); } -static QEMU_NORETURN void do_hlt(X86CPU *cpu) +static void QEMU_NORETURN do_hlt(CPUX86State *env) { - CPUState *cs = CPU(cpu); - CPUX86State *env = &cpu->env; + CPUState *cs = env_cpu(env); env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */ cs->halted = 1; @@ -123,12 +122,10 @@ static QEMU_NORETURN void do_hlt(X86CPU *cpu) void QEMU_NORETURN helper_hlt(CPUX86State *env, int next_eip_addend) { - X86CPU *cpu = env_archcpu(env); - cpu_svm_check_intercept_param(env, SVM_EXIT_HLT, 0, GETPC()); env->eip += next_eip_addend; - do_hlt(cpu); + do_hlt(env); } void helper_monitor(CPUX86State *env, target_ulong ptr) @@ -143,7 +140,6 @@ void helper_monitor(CPUX86State *env, target_ulong ptr) void QEMU_NORETURN helper_mwait(CPUX86State *env, int next_eip_addend) { CPUState *cs = env_cpu(env); - X86CPU *cpu = env_archcpu(env); if ((uint32_t)env->regs[R_ECX] != 0) { raise_exception_ra(env, EXCP0D_GPF, GETPC()); @@ -153,20 +149,18 @@ void QEMU_NORETURN helper_mwait(CPUX86State *env, int next_eip_addend) /* XXX: not complete but not completely erroneous */ if (cs->cpu_index != 0 || CPU_NEXT(cs) != NULL) { - do_pause(cpu); + do_pause(env); } else { - do_hlt(cpu); + do_hlt(env); } } void QEMU_NORETURN helper_pause(CPUX86State *env, int next_eip_addend) { - X86CPU *cpu = env_archcpu(env); - cpu_svm_check_intercept_param(env, SVM_EXIT_PAUSE, 0, GETPC()); env->eip += next_eip_addend; - do_pause(cpu); + do_pause(env); } void QEMU_NORETURN helper_debug(CPUX86State *env) From 4ea2449b5818a2bb73ea5ac259279e58e4e11a20 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:33 -0500 Subject: [PATCH 41/50] target/i386: Move invlpg, hlt, monitor, mwait to sysemu These instructions are all privileged. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-42-richard.henderson@linaro.org> --- target/i386/helper.h | 8 ++-- target/i386/tcg/helper-tcg.h | 1 + target/i386/tcg/misc_helper.c | 55 +--------------------------- target/i386/tcg/sysemu/misc_helper.c | 53 +++++++++++++++++++++++++++ target/i386/tcg/translate.c | 4 ++ 5 files changed, 63 insertions(+), 58 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index ebfaca66dd5e..ab72eba52a61 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -51,7 +51,6 @@ DEF_HELPER_FLAGS_3(set_dr, TCG_CALL_NO_WG, void, env, int, tl) #endif /* !CONFIG_USER_ONLY */ DEF_HELPER_FLAGS_2(get_dr, TCG_CALL_NO_WG, tl, env, int) -DEF_HELPER_2(invlpg, void, env, tl) DEF_HELPER_1(sysenter, void, env) DEF_HELPER_2(sysexit, void, env, int) @@ -59,9 +58,6 @@ DEF_HELPER_2(sysexit, void, env, int) DEF_HELPER_2(syscall, void, env, int) DEF_HELPER_2(sysret, void, env, int) #endif -DEF_HELPER_FLAGS_2(hlt, TCG_CALL_NO_WG, noreturn, env, int) -DEF_HELPER_FLAGS_2(monitor, TCG_CALL_NO_WG, void, env, tl) -DEF_HELPER_FLAGS_2(mwait, TCG_CALL_NO_WG, noreturn, env, int) DEF_HELPER_FLAGS_2(pause, TCG_CALL_NO_WG, noreturn, env, int) DEF_HELPER_FLAGS_1(debug, TCG_CALL_NO_WG, noreturn, env) DEF_HELPER_1(reset_rf, void, env) @@ -115,6 +111,10 @@ DEF_HELPER_2(vmsave, void, env, int) DEF_HELPER_1(stgi, void, env) DEF_HELPER_1(clgi, void, env) DEF_HELPER_2(invlpga, void, env, int) +DEF_HELPER_2(invlpg, void, env, tl) +DEF_HELPER_FLAGS_2(hlt, TCG_CALL_NO_WG, noreturn, env, int) +DEF_HELPER_FLAGS_2(monitor, TCG_CALL_NO_WG, void, env, tl) +DEF_HELPER_FLAGS_2(mwait, TCG_CALL_NO_WG, noreturn, env, int) #endif /* !CONFIG_USER_ONLY */ /* x86 FPU */ diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h index 85a8b0ebd672..2510cc244e91 100644 --- a/target/i386/tcg/helper-tcg.h +++ b/target/i386/tcg/helper-tcg.h @@ -76,6 +76,7 @@ extern const uint8_t parity_table[256]; /* misc_helper.c */ void cpu_load_eflags(CPUX86State *env, int eflags, int update_mask); +void do_pause(CPUX86State *env) QEMU_NORETURN; /* sysemu/svm_helper.c */ #ifndef CONFIG_USER_ONLY diff --git a/target/i386/tcg/misc_helper.c b/target/i386/tcg/misc_helper.c index 23287b330e97..baffa5d7ba9a 100644 --- a/target/i386/tcg/misc_helper.c +++ b/target/i386/tcg/misc_helper.c @@ -60,14 +60,6 @@ void helper_cpuid(CPUX86State *env) env->regs[R_EDX] = edx; } -void helper_invlpg(CPUX86State *env, target_ulong addr) -{ - X86CPU *cpu = env_archcpu(env); - - cpu_svm_check_intercept_param(env, SVM_EXIT_INVLPG, 0, GETPC()); - tlb_flush_page(CPU(cpu), addr); -} - void helper_rdtsc(CPUX86State *env) { uint64_t val; @@ -101,7 +93,7 @@ void QEMU_NORETURN helper_rdpmc(CPUX86State *env) raise_exception_err(env, EXCP06_ILLOP, 0); } -static void QEMU_NORETURN do_pause(CPUX86State *env) +void QEMU_NORETURN do_pause(CPUX86State *env) { CPUState *cs = env_cpu(env); @@ -110,51 +102,6 @@ static void QEMU_NORETURN do_pause(CPUX86State *env) cpu_loop_exit(cs); } -static void QEMU_NORETURN do_hlt(CPUX86State *env) -{ - CPUState *cs = env_cpu(env); - - env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */ - cs->halted = 1; - cs->exception_index = EXCP_HLT; - cpu_loop_exit(cs); -} - -void QEMU_NORETURN helper_hlt(CPUX86State *env, int next_eip_addend) -{ - cpu_svm_check_intercept_param(env, SVM_EXIT_HLT, 0, GETPC()); - env->eip += next_eip_addend; - - do_hlt(env); -} - -void helper_monitor(CPUX86State *env, target_ulong ptr) -{ - if ((uint32_t)env->regs[R_ECX] != 0) { - raise_exception_ra(env, EXCP0D_GPF, GETPC()); - } - /* XXX: store address? */ - cpu_svm_check_intercept_param(env, SVM_EXIT_MONITOR, 0, GETPC()); -} - -void QEMU_NORETURN helper_mwait(CPUX86State *env, int next_eip_addend) -{ - CPUState *cs = env_cpu(env); - - if ((uint32_t)env->regs[R_ECX] != 0) { - raise_exception_ra(env, EXCP0D_GPF, GETPC()); - } - cpu_svm_check_intercept_param(env, SVM_EXIT_MWAIT, 0, GETPC()); - env->eip += next_eip_addend; - - /* XXX: not complete but not completely erroneous */ - if (cs->cpu_index != 0 || CPU_NEXT(cs) != NULL) { - do_pause(env); - } else { - do_hlt(env); - } -} - void QEMU_NORETURN helper_pause(CPUX86State *env, int next_eip_addend) { cpu_svm_check_intercept_param(env, SVM_EXIT_PAUSE, 0, GETPC()); diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c index c7381ef7e80e..803c39e2fbf9 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -438,3 +438,56 @@ void helper_rdmsr(CPUX86State *env) env->regs[R_EAX] = (uint32_t)(val); env->regs[R_EDX] = (uint32_t)(val >> 32); } + +void helper_invlpg(CPUX86State *env, target_ulong addr) +{ + X86CPU *cpu = env_archcpu(env); + + cpu_svm_check_intercept_param(env, SVM_EXIT_INVLPG, 0, GETPC()); + tlb_flush_page(CPU(cpu), addr); +} + +static void QEMU_NORETURN do_hlt(CPUX86State *env) +{ + CPUState *cs = env_cpu(env); + + env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */ + cs->halted = 1; + cs->exception_index = EXCP_HLT; + cpu_loop_exit(cs); +} + +void QEMU_NORETURN helper_hlt(CPUX86State *env, int next_eip_addend) +{ + cpu_svm_check_intercept_param(env, SVM_EXIT_HLT, 0, GETPC()); + env->eip += next_eip_addend; + + do_hlt(env); +} + +void helper_monitor(CPUX86State *env, target_ulong ptr) +{ + if ((uint32_t)env->regs[R_ECX] != 0) { + raise_exception_ra(env, EXCP0D_GPF, GETPC()); + } + /* XXX: store address? */ + cpu_svm_check_intercept_param(env, SVM_EXIT_MONITOR, 0, GETPC()); +} + +void QEMU_NORETURN helper_mwait(CPUX86State *env, int next_eip_addend) +{ + CPUState *cs = env_cpu(env); + + if ((uint32_t)env->regs[R_ECX] != 0) { + raise_exception_ra(env, EXCP0D_GPF, GETPC()); + } + cpu_svm_check_intercept_param(env, SVM_EXIT_MWAIT, 0, GETPC()); + env->eip += next_eip_addend; + + /* XXX: not complete but not completely erroneous */ + if (cs->cpu_index != 0 || CPU_NEXT(cs) != NULL) { + do_pause(env); + } else { + do_hlt(env); + } +} diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 14a44a00ca88..39af147a876b 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -194,7 +194,11 @@ typedef struct DisasContext { #ifdef CONFIG_USER_ONLY STUB_HELPER(clgi, TCGv_env env) +STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs) STUB_HELPER(invlpga, TCGv_env env, TCGv_i32 aflag) +STUB_HELPER(invlpg, TCGv_env env, TCGv addr) +STUB_HELPER(monitor, TCGv_env env, TCGv addr) +STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) From 35e5a5d5cb1096c5ac5df92913df30057978eff7 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:34 -0500 Subject: [PATCH 42/50] target/i386: Unify invlpg, invlpga Use a single helper, flush_page, to do the work. Use gen_svm_check_intercept. Perform the zero-extension for invlpga inline. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-43-richard.henderson@linaro.org> --- target/i386/helper.h | 3 +-- target/i386/tcg/sysemu/misc_helper.c | 7 ++----- target/i386/tcg/sysemu/svm_helper.c | 18 ------------------ target/i386/tcg/translate.c | 20 ++++++++++++-------- 4 files changed, 15 insertions(+), 33 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index ab72eba52a61..0264fba33595 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -110,8 +110,7 @@ DEF_HELPER_2(vmload, void, env, int) DEF_HELPER_2(vmsave, void, env, int) DEF_HELPER_1(stgi, void, env) DEF_HELPER_1(clgi, void, env) -DEF_HELPER_2(invlpga, void, env, int) -DEF_HELPER_2(invlpg, void, env, tl) +DEF_HELPER_FLAGS_2(flush_page, TCG_CALL_NO_RWG, void, env, tl) DEF_HELPER_FLAGS_2(hlt, TCG_CALL_NO_WG, noreturn, env, int) DEF_HELPER_FLAGS_2(monitor, TCG_CALL_NO_WG, void, env, tl) DEF_HELPER_FLAGS_2(mwait, TCG_CALL_NO_WG, noreturn, env, int) diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c index 803c39e2fbf9..0cef2f1a4c3b 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -439,12 +439,9 @@ void helper_rdmsr(CPUX86State *env) env->regs[R_EDX] = (uint32_t)(val >> 32); } -void helper_invlpg(CPUX86State *env, target_ulong addr) +void helper_flush_page(CPUX86State *env, target_ulong addr) { - X86CPU *cpu = env_archcpu(env); - - cpu_svm_check_intercept_param(env, SVM_EXIT_INVLPG, 0, GETPC()); - tlb_flush_page(CPU(cpu), addr); + tlb_flush_page(env_cpu(env), addr); } static void QEMU_NORETURN do_hlt(CPUX86State *env) diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c index b431016e722c..9d671297cf46 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -412,24 +412,6 @@ void helper_clgi(CPUX86State *env) env->hflags2 &= ~HF2_GIF_MASK; } -void helper_invlpga(CPUX86State *env, int aflag) -{ - X86CPU *cpu = env_archcpu(env); - target_ulong addr; - - cpu_svm_check_intercept_param(env, SVM_EXIT_INVLPGA, 0, GETPC()); - - if (aflag == 2) { - addr = env->regs[R_EAX]; - } else { - addr = (uint32_t)env->regs[R_EAX]; - } - - /* XXX: could use the ASID to see if it is needed to do the - flush */ - tlb_flush_page(CPU(cpu), addr); -} - void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type, uint64_t param, uintptr_t retaddr) { diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 39af147a876b..eb11a75e8668 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -194,9 +194,8 @@ typedef struct DisasContext { #ifdef CONFIG_USER_ONLY STUB_HELPER(clgi, TCGv_env env) +STUB_HELPER(flush_page, TCGv_env env, TCGv addr) STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs) -STUB_HELPER(invlpga, TCGv_env env, TCGv_i32 aflag) -STUB_HELPER(invlpg, TCGv_env env, TCGv addr) STUB_HELPER(monitor, TCGv_env env, TCGv addr) STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) @@ -7592,9 +7591,15 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!check_cpl0(s)) { break; } - gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_invlpga(cpu_env, tcg_const_i32(s->aflag - 1)); + gen_svm_check_intercept(s, SVM_EXIT_INVLPGA); + if (s->aflag == MO_64) { + tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]); + } else { + tcg_gen_ext32u_tl(s->A0, cpu_regs[R_EAX]); + } + gen_helper_flush_page(cpu_env, s->A0); + gen_jmp_im(s, s->pc - s->cs_base); + gen_eob(s); break; CASE_MODRM_MEM_OP(2): /* lgdt */ @@ -7682,10 +7687,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (!check_cpl0(s)) { break; } - gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_svm_check_intercept(s, SVM_EXIT_INVLPG); gen_lea_modrm(env, s, modrm); - gen_helper_invlpg(cpu_env, s->A0); + gen_helper_flush_page(cpu_env, s->A0); gen_jmp_im(s, s->pc - s->cs_base); gen_eob(s); break; From 27bd3216a7fda23edff6e60253db36079efc9040 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:35 -0500 Subject: [PATCH 43/50] target/i386: Inline user cpu_svm_check_intercept_param The user-version is a no-op. This lets us completely remove tcg/user/svm_stubs.c. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-44-richard.henderson@linaro.org> --- target/i386/cpu.h | 8 ++++++++ target/i386/tcg/user/meson.build | 1 - target/i386/tcg/user/svm_stubs.c | 28 ---------------------------- 3 files changed, 8 insertions(+), 29 deletions(-) delete mode 100644 target/i386/tcg/user/svm_stubs.c diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 324ef92beb77..e6836393f71b 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2146,8 +2146,16 @@ static inline void cpu_set_fpuc(CPUX86State *env, uint16_t fpuc) void helper_lock_init(void); /* svm_helper.c */ +#ifdef CONFIG_USER_ONLY +static inline void +cpu_svm_check_intercept_param(CPUX86State *env1, uint32_t type, + uint64_t param, uintptr_t retaddr) +{ /* no-op */ } +#else void cpu_svm_check_intercept_param(CPUX86State *env1, uint32_t type, uint64_t param, uintptr_t retaddr); +#endif + /* apic.c */ void cpu_report_tpr_access(CPUX86State *env, TPRAccess access); void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip, diff --git a/target/i386/tcg/user/meson.build b/target/i386/tcg/user/meson.build index 9eac0e69ca38..3555b15bdd97 100644 --- a/target/i386/tcg/user/meson.build +++ b/target/i386/tcg/user/meson.build @@ -1,6 +1,5 @@ i386_user_ss.add(when: ['CONFIG_TCG', 'CONFIG_USER_ONLY'], if_true: files( 'excp_helper.c', 'misc_stubs.c', - 'svm_stubs.c', 'seg_helper.c', )) diff --git a/target/i386/tcg/user/svm_stubs.c b/target/i386/tcg/user/svm_stubs.c deleted file mode 100644 index db818f89a878..000000000000 --- a/target/i386/tcg/user/svm_stubs.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * x86 SVM helpers (user-mode) - * - * Copyright (c) 2003 Fabrice Bellard - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - */ - -#include "qemu/osdep.h" -#include "cpu.h" -#include "exec/helper-proto.h" -#include "tcg/helper-tcg.h" - -void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type, - uint64_t param, uintptr_t retaddr) -{ -} From f7803b775919262ccfccba851c0e91a4d34eab08 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:36 -0500 Subject: [PATCH 44/50] target/i386: Eliminate user stubs for read/write_crN, rd/wrmsr Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-45-richard.henderson@linaro.org> --- target/i386/helper.h | 8 ++++---- target/i386/tcg/translate.c | 4 ++++ target/i386/tcg/user/misc_stubs.c | 20 -------------------- 3 files changed, 8 insertions(+), 24 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 0264fba33595..1d85f033dfad 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -42,8 +42,6 @@ DEF_HELPER_5(lcall_protected, void, env, int, tl, int, tl) DEF_HELPER_2(iret_real, void, env, int) DEF_HELPER_3(iret_protected, void, env, int, int) DEF_HELPER_3(lret_protected, void, env, int, int) -DEF_HELPER_FLAGS_2(read_crN, TCG_CALL_NO_RWG, tl, env, int) -DEF_HELPER_FLAGS_3(write_crN, TCG_CALL_NO_RWG, void, env, int, tl) DEF_HELPER_1(clts, void, env) #ifndef CONFIG_USER_ONLY @@ -87,8 +85,6 @@ DEF_HELPER_1(cpuid, void, env) DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) DEF_HELPER_FLAGS_1(rdpmc, TCG_CALL_NO_WG, noreturn, env) -DEF_HELPER_1(rdmsr, void, env) -DEF_HELPER_1(wrmsr, void, env) DEF_HELPER_2(check_iob, void, env, i32) DEF_HELPER_2(check_iow, void, env, i32) @@ -114,6 +110,10 @@ DEF_HELPER_FLAGS_2(flush_page, TCG_CALL_NO_RWG, void, env, tl) DEF_HELPER_FLAGS_2(hlt, TCG_CALL_NO_WG, noreturn, env, int) DEF_HELPER_FLAGS_2(monitor, TCG_CALL_NO_WG, void, env, tl) DEF_HELPER_FLAGS_2(mwait, TCG_CALL_NO_WG, noreturn, env, int) +DEF_HELPER_1(rdmsr, void, env) +DEF_HELPER_1(wrmsr, void, env) +DEF_HELPER_FLAGS_2(read_crN, TCG_CALL_NO_RWG, tl, env, int) +DEF_HELPER_FLAGS_3(write_crN, TCG_CALL_NO_RWG, void, env, int, tl) #endif /* !CONFIG_USER_ONLY */ /* x86 FPU */ diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index eb11a75e8668..9501089861d0 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -198,6 +198,8 @@ STUB_HELPER(flush_page, TCGv_env env, TCGv addr) STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs) STUB_HELPER(monitor, TCGv_env env, TCGv addr) STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs) +STUB_HELPER(rdmsr, TCGv_env env) +STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) @@ -206,6 +208,8 @@ STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) STUB_HELPER(vmmcall, TCGv_env env) STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs) STUB_HELPER(vmsave, TCGv_env env, TCGv_i32 aflag) +STUB_HELPER(write_crN, TCGv_env env, TCGv_i32 reg, TCGv val) +STUB_HELPER(wrmsr, TCGv_env env) #endif static void gen_eob(DisasContext *s); diff --git a/target/i386/tcg/user/misc_stubs.c b/target/i386/tcg/user/misc_stubs.c index 84df4e65ff0e..df38b44d6e21 100644 --- a/target/i386/tcg/user/misc_stubs.c +++ b/target/i386/tcg/user/misc_stubs.c @@ -53,23 +53,3 @@ target_ulong helper_inl(CPUX86State *env, uint32_t port) g_assert_not_reached(); return 0; } - -target_ulong helper_read_crN(CPUX86State *env, int reg) -{ - g_assert_not_reached(); -} - -void helper_write_crN(CPUX86State *env, int reg, target_ulong t0) -{ - g_assert_not_reached(); -} - -void helper_wrmsr(CPUX86State *env) -{ - g_assert_not_reached(); -} - -void helper_rdmsr(CPUX86State *env) -{ - g_assert_not_reached(); -} From 244843b757220c432e0e9ae8d2210218c034730d Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:37 -0500 Subject: [PATCH 45/50] target/i386: Exit tb after wrmsr At minimum, wrmsr can change efer, which affects HF_LMA. Cc: qemu-stable@nongnu.org Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-46-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 9501089861d0..ef0ba822e1ec 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -7260,6 +7260,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_helper_rdmsr(cpu_env); } else { gen_helper_wrmsr(cpu_env); + gen_jmp_im(s, s->pc - s->cs_base); + gen_eob(s); } } break; From bc2e436d7c77dda990567e0b308f767ea0f6443d Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:38 -0500 Subject: [PATCH 46/50] target/i386: Tidy gen_check_io Get cur_eip from DisasContext. Do not require the caller to use svm_is_rep; get prefix from DisasContext. Use the proper symbolic constants for SVM_IOIO_*. While we're touching all call sites, return bool in preparation for gen_check_io raising #GP. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-47-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 57 +++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index ef0ba822e1ec..2282c3598ced 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -674,13 +674,10 @@ static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n) } } -static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, - uint32_t svm_flags) +static bool gen_check_io(DisasContext *s, MemOp ot, uint32_t svm_flags) { - target_ulong next_eip; - + tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { - tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); switch (ot) { case MO_8: gen_helper_check_iob(cpu_env, s->tmp2_i32); @@ -696,15 +693,20 @@ static void gen_check_io(DisasContext *s, MemOp ot, target_ulong cur_eip, } } if (GUEST(s)) { + target_ulong cur_eip = s->base.pc_next - s->cs_base; + target_ulong next_eip = s->pc - s->cs_base; + gen_update_cc_op(s); gen_jmp_im(s, cur_eip); - svm_flags |= (1 << (4 + ot)); - next_eip = s->pc - s->cs_base; - tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); + if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) { + svm_flags |= SVM_IOIO_REP_MASK; + } + svm_flags |= 1 << (SVM_IOIO_SIZE_SHIFT + ot); gen_helper_svm_check_io(cpu_env, s->tmp2_i32, - tcg_const_i32(svm_flags), - tcg_const_i32(next_eip - cur_eip)); + tcg_constant_i32(svm_flags), + tcg_constant_i32(next_eip - cur_eip)); } + return true; } static inline void gen_movs(DisasContext *s, MemOp ot) @@ -2425,11 +2427,6 @@ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) } } -static inline int svm_is_rep(int prefixes) -{ - return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0); -} - static void gen_svm_check_intercept(DisasContext *s, uint32_t type) { /* no SVM activated; fast case */ @@ -6483,8 +6480,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x6d: ot = mo_b_d32(b, dflag); tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - gen_check_io(s, ot, pc_start - s->cs_base, - SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes) | 4); + if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) { + break; + } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -6502,8 +6500,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x6f: ot = mo_b_d32(b, dflag); tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - gen_check_io(s, ot, pc_start - s->cs_base, - svm_is_rep(prefixes) | 4); + if (!gen_check_io(s, ot, SVM_IOIO_STR_MASK)) { + break; + } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -6526,8 +6525,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) ot = mo_b_d32(b, dflag); val = x86_ldub_code(env, s); tcg_gen_movi_tl(s->T0, val); - gen_check_io(s, ot, pc_start - s->cs_base, - SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes)); + if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK)) { + break; + } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -6544,8 +6544,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) ot = mo_b_d32(b, dflag); val = x86_ldub_code(env, s); tcg_gen_movi_tl(s->T0, val); - gen_check_io(s, ot, pc_start - s->cs_base, - svm_is_rep(prefixes)); + if (!gen_check_io(s, ot, 0)) { + break; + } gen_op_mov_v_reg(s, ot, s->T1, R_EAX); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { @@ -6563,8 +6564,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xed: ot = mo_b_d32(b, dflag); tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - gen_check_io(s, ot, pc_start - s->cs_base, - SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes)); + if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK)) { + break; + } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -6580,8 +6582,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xef: ot = mo_b_d32(b, dflag); tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - gen_check_io(s, ot, pc_start - s->cs_base, - svm_is_rep(prefixes)); + if (!gen_check_io(s, ot, 0)) { + break; + } gen_op_mov_v_reg(s, ot, s->T1, R_EAX); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { From 1bca40fe42a97eac3d5c5a5e772ea3ec9e82cc62 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:39 -0500 Subject: [PATCH 47/50] target/i386: Pass in port to gen_check_io Pass in a pre-truncated TCGv_i32 value. We were doing the truncation of EDX in multiple places, now only once per insn. While all callers use s->tmp2_i32, for cleanliness of the subroutine, use a parameter anyway. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-48-richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 55 +++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 2282c3598ced..94193a8e0032 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -674,19 +674,23 @@ static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n) } } -static bool gen_check_io(DisasContext *s, MemOp ot, uint32_t svm_flags) +/* + * Validate that access to [port, port + 1<tmp2_i32, s->T0); if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { switch (ot) { case MO_8: - gen_helper_check_iob(cpu_env, s->tmp2_i32); + gen_helper_check_iob(cpu_env, port); break; case MO_16: - gen_helper_check_iow(cpu_env, s->tmp2_i32); + gen_helper_check_iow(cpu_env, port); break; case MO_32: - gen_helper_check_iol(cpu_env, s->tmp2_i32); + gen_helper_check_iol(cpu_env, port); break; default: tcg_abort(); @@ -702,7 +706,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, uint32_t svm_flags) svm_flags |= SVM_IOIO_REP_MASK; } svm_flags |= 1 << (SVM_IOIO_SIZE_SHIFT + ot); - gen_helper_svm_check_io(cpu_env, s->tmp2_i32, + gen_helper_svm_check_io(cpu_env, port, tcg_constant_i32(svm_flags), tcg_constant_i32(next_eip - cur_eip)); } @@ -6479,8 +6483,10 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x6c: /* insS */ case 0x6d: ot = mo_b_d32(b, dflag); - tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) { + tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); + tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); + if (!gen_check_io(s, ot, s->tmp2_i32, + SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) { break; } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { @@ -6499,8 +6505,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x6e: /* outsS */ case 0x6f: ot = mo_b_d32(b, dflag); - tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - if (!gen_check_io(s, ot, SVM_IOIO_STR_MASK)) { + tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); + tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); + if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_STR_MASK)) { break; } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { @@ -6524,14 +6531,13 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xe5: ot = mo_b_d32(b, dflag); val = x86_ldub_code(env, s); - tcg_gen_movi_tl(s->T0, val); - if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK)) { + tcg_gen_movi_i32(s->tmp2_i32, val); + if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) { break; } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } - tcg_gen_movi_i32(s->tmp2_i32, val); gen_helper_in_func(ot, s->T1, s->tmp2_i32); gen_op_mov_reg_v(s, ot, R_EAX, s->T1); gen_bpt_io(s, s->tmp2_i32, ot); @@ -6543,16 +6549,14 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xe7: ot = mo_b_d32(b, dflag); val = x86_ldub_code(env, s); - tcg_gen_movi_tl(s->T0, val); - if (!gen_check_io(s, ot, 0)) { + tcg_gen_movi_i32(s->tmp2_i32, val); + if (!gen_check_io(s, ot, s->tmp2_i32, 0)) { break; } - gen_op_mov_v_reg(s, ot, s->T1, R_EAX); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } - tcg_gen_movi_i32(s->tmp2_i32, val); + gen_op_mov_v_reg(s, ot, s->T1, R_EAX); tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); gen_bpt_io(s, s->tmp2_i32, ot); @@ -6563,14 +6567,14 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xec: case 0xed: ot = mo_b_d32(b, dflag); - tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - if (!gen_check_io(s, ot, SVM_IOIO_TYPE_MASK)) { + tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); + tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); + if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) { break; } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } - tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_in_func(ot, s->T1, s->tmp2_i32); gen_op_mov_reg_v(s, ot, R_EAX, s->T1); gen_bpt_io(s, s->tmp2_i32, ot); @@ -6581,16 +6585,15 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xee: case 0xef: ot = mo_b_d32(b, dflag); - tcg_gen_ext16u_tl(s->T0, cpu_regs[R_EDX]); - if (!gen_check_io(s, ot, 0)) { + tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); + tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); + if (!gen_check_io(s, ot, s->tmp2_i32, 0)) { break; } - gen_op_mov_v_reg(s, ot, s->T1, R_EAX); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } - tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); + gen_op_mov_v_reg(s, ot, s->T1, R_EAX); tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); gen_bpt_io(s, s->tmp2_i32, ot); From e49780355674a77c174564fd6b34494475876291 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:40 -0500 Subject: [PATCH 48/50] target/i386: Create helper_check_io MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Drop helper_check_io[bwl] and expose their common subroutine to tcg directly. Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210514151342.384376-49-richard.henderson@linaro.org> --- target/i386/helper.h | 4 +--- target/i386/tcg/seg_helper.c | 21 +++------------------ target/i386/tcg/translate.c | 14 +------------- 3 files changed, 5 insertions(+), 34 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 1d85f033dfad..47d0d6769917 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -86,9 +86,7 @@ DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) DEF_HELPER_FLAGS_1(rdpmc, TCG_CALL_NO_WG, noreturn, env) -DEF_HELPER_2(check_iob, void, env, i32) -DEF_HELPER_2(check_iow, void, env, i32) -DEF_HELPER_2(check_iol, void, env, i32) +DEF_HELPER_FLAGS_3(check_io, TCG_CALL_NO_WG, void, env, i32, i32) DEF_HELPER_3(outb, void, env, i32, i32) DEF_HELPER_2(inb, tl, env, i32) DEF_HELPER_3(outw, void, env, i32, i32) diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c index cf3f05152424..69d6e8f6025c 100644 --- a/target/i386/tcg/seg_helper.c +++ b/target/i386/tcg/seg_helper.c @@ -2418,10 +2418,10 @@ void helper_verw(CPUX86State *env, target_ulong selector1) } /* check if Port I/O is allowed in TSS */ -static inline void check_io(CPUX86State *env, int addr, int size, - uintptr_t retaddr) +void helper_check_io(CPUX86State *env, uint32_t addr, uint32_t size) { - int io_offset, val, mask; + uintptr_t retaddr = GETPC(); + uint32_t io_offset, val, mask; /* TSS must be a valid 32 bit one */ if (!(env->tr.flags & DESC_P_MASK) || @@ -2444,18 +2444,3 @@ static inline void check_io(CPUX86State *env, int addr, int size, raise_exception_err_ra(env, EXCP0D_GPF, 0, retaddr); } } - -void helper_check_iob(CPUX86State *env, uint32_t t0) -{ - check_io(env, t0, 1, GETPC()); -} - -void helper_check_iow(CPUX86State *env, uint32_t t0) -{ - check_io(env, t0, 2, GETPC()); -} - -void helper_check_iol(CPUX86State *env, uint32_t t0) -{ - check_io(env, t0, 4, GETPC()); -} diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 94193a8e0032..68ae9b0798bf 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -682,19 +682,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, uint32_t svm_flags) { if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { - switch (ot) { - case MO_8: - gen_helper_check_iob(cpu_env, port); - break; - case MO_16: - gen_helper_check_iow(cpu_env, port); - break; - case MO_32: - gen_helper_check_iol(cpu_env, port); - break; - default: - tcg_abort(); - } + gen_helper_check_io(cpu_env, port, tcg_constant_i32(1 << ot)); } if (GUEST(s)) { target_ulong cur_eip = s->base.pc_next - s->cs_base; From d76b9c6f07a2981a44887e1d61d51e016d45417c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:41 -0500 Subject: [PATCH 49/50] target/i386: Move helper_check_io to sysemu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The we never allow i/o from user-only, and the tss check that helper_check_io does will always fail. Use an ifdef within gen_check_io and return false, indicating that an exception is known to be raised. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-50-richard.henderson@linaro.org> Signed-off-by: Richard Henderson --- target/i386/helper.h | 2 +- target/i386/tcg/seg_helper.c | 28 ---------------------------- target/i386/tcg/sysemu/seg_helper.c | 29 +++++++++++++++++++++++++++++ target/i386/tcg/translate.c | 11 ++++++++++- 4 files changed, 40 insertions(+), 30 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index 47d0d6769917..3fd025329865 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -86,7 +86,6 @@ DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) DEF_HELPER_FLAGS_1(rdpmc, TCG_CALL_NO_WG, noreturn, env) -DEF_HELPER_FLAGS_3(check_io, TCG_CALL_NO_WG, void, env, i32, i32) DEF_HELPER_3(outb, void, env, i32, i32) DEF_HELPER_2(inb, tl, env, i32) DEF_HELPER_3(outw, void, env, i32, i32) @@ -95,6 +94,7 @@ DEF_HELPER_3(outl, void, env, i32, i32) DEF_HELPER_2(inl, tl, env, i32) #ifndef CONFIG_USER_ONLY +DEF_HELPER_FLAGS_3(check_io, TCG_CALL_NO_WG, void, env, i32, i32) DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl) DEF_HELPER_2(svm_check_intercept, void, env, i32) DEF_HELPER_4(svm_check_io, void, env, i32, i32, i32) diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c index 69d6e8f6025c..2f6cdc8239ad 100644 --- a/target/i386/tcg/seg_helper.c +++ b/target/i386/tcg/seg_helper.c @@ -2416,31 +2416,3 @@ void helper_verw(CPUX86State *env, target_ulong selector1) } CC_SRC = eflags | CC_Z; } - -/* check if Port I/O is allowed in TSS */ -void helper_check_io(CPUX86State *env, uint32_t addr, uint32_t size) -{ - uintptr_t retaddr = GETPC(); - uint32_t io_offset, val, mask; - - /* TSS must be a valid 32 bit one */ - if (!(env->tr.flags & DESC_P_MASK) || - ((env->tr.flags >> DESC_TYPE_SHIFT) & 0xf) != 9 || - env->tr.limit < 103) { - goto fail; - } - io_offset = cpu_lduw_kernel_ra(env, env->tr.base + 0x66, retaddr); - io_offset += (addr >> 3); - /* Note: the check needs two bytes */ - if ((io_offset + 1) > env->tr.limit) { - goto fail; - } - val = cpu_lduw_kernel_ra(env, env->tr.base + io_offset, retaddr); - val >>= (addr & 7); - mask = (1 << size) - 1; - /* all bits must be zero to allow the I/O */ - if ((val & mask) != 0) { - fail: - raise_exception_err_ra(env, EXCP0D_GPF, 0, retaddr); - } -} diff --git a/target/i386/tcg/sysemu/seg_helper.c b/target/i386/tcg/sysemu/seg_helper.c index e0d7b32b82c8..82c0856c4173 100644 --- a/target/i386/tcg/sysemu/seg_helper.c +++ b/target/i386/tcg/sysemu/seg_helper.c @@ -23,6 +23,7 @@ #include "exec/helper-proto.h" #include "exec/cpu_ldst.h" #include "tcg/helper-tcg.h" +#include "../seg_helper.h" #ifdef TARGET_X86_64 void helper_syscall(CPUX86State *env, int next_eip_addend) @@ -123,3 +124,31 @@ void x86_cpu_do_interrupt(CPUState *cs) env->old_exception = -1; } } + +/* check if Port I/O is allowed in TSS */ +void helper_check_io(CPUX86State *env, uint32_t addr, uint32_t size) +{ + uintptr_t retaddr = GETPC(); + uint32_t io_offset, val, mask; + + /* TSS must be a valid 32 bit one */ + if (!(env->tr.flags & DESC_P_MASK) || + ((env->tr.flags >> DESC_TYPE_SHIFT) & 0xf) != 9 || + env->tr.limit < 103) { + goto fail; + } + io_offset = cpu_lduw_kernel_ra(env, env->tr.base + 0x66, retaddr); + io_offset += (addr >> 3); + /* Note: the check needs two bytes */ + if ((io_offset + 1) > env->tr.limit) { + goto fail; + } + val = cpu_lduw_kernel_ra(env, env->tr.base + io_offset, retaddr); + val >>= (addr & 7); + mask = (1 << size) - 1; + /* all bits must be zero to allow the I/O */ + if ((val & mask) != 0) { + fail: + raise_exception_err_ra(env, EXCP0D_GPF, 0, retaddr); + } +} diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 68ae9b0798bf..86b93a010d8a 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -203,7 +203,6 @@ STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) -STUB_HELPER(svm_check_io, TCGv_env env, TCGv_i32 port, TCGv_i32 p, TCGv_i32 a) STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) STUB_HELPER(vmmcall, TCGv_env env) STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs) @@ -217,6 +216,7 @@ static void gen_jr(DisasContext *s, TCGv dest); static void gen_jmp(DisasContext *s, target_ulong eip); static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num); static void gen_op(DisasContext *s1, int op, MemOp ot, int d); +static void gen_exception_gpf(DisasContext *s); /* i386 arith/logic operations */ enum { @@ -681,6 +681,14 @@ static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n) static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, uint32_t svm_flags) { +#ifdef CONFIG_USER_ONLY + /* + * We do not implement the ioperm(2) syscall, so the TSS check + * will always fail. + */ + gen_exception_gpf(s); + return false; +#else if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { gen_helper_check_io(cpu_env, port, tcg_constant_i32(1 << ot)); } @@ -699,6 +707,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, tcg_constant_i32(next_eip - cur_eip)); } return true; +#endif } static inline void gen_movs(DisasContext *s, MemOp ot) From 7fb7c42394c032eeaa419c869ff3b50491f6379d Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 14 May 2021 10:13:42 -0500 Subject: [PATCH 50/50] target/i386: Remove user-only i/o stubs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the previous patch for check_io, we now have enough for the compiler to dead-code eliminate all of the i/o helpers. Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Paolo Bonzini Message-Id: <20210514151342.384376-51-richard.henderson@linaro.org> --- target/i386/helper.h | 3 +- target/i386/tcg/translate.c | 6 ++++ target/i386/tcg/user/meson.build | 1 - target/i386/tcg/user/misc_stubs.c | 55 ------------------------------- 4 files changed, 7 insertions(+), 58 deletions(-) delete mode 100644 target/i386/tcg/user/misc_stubs.c diff --git a/target/i386/helper.h b/target/i386/helper.h index 3fd025329865..f3d8c3f949ad 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -86,14 +86,13 @@ DEF_HELPER_1(rdtsc, void, env) DEF_HELPER_1(rdtscp, void, env) DEF_HELPER_FLAGS_1(rdpmc, TCG_CALL_NO_WG, noreturn, env) +#ifndef CONFIG_USER_ONLY DEF_HELPER_3(outb, void, env, i32, i32) DEF_HELPER_2(inb, tl, env, i32) DEF_HELPER_3(outw, void, env, i32, i32) DEF_HELPER_2(inw, tl, env, i32) DEF_HELPER_3(outl, void, env, i32, i32) DEF_HELPER_2(inl, tl, env, i32) - -#ifndef CONFIG_USER_ONLY DEF_HELPER_FLAGS_3(check_io, TCG_CALL_NO_WG, void, env, i32, i32) DEF_HELPER_FLAGS_4(bpt_io, TCG_CALL_NO_WG, void, env, i32, i32, tl) DEF_HELPER_2(svm_check_intercept, void, env, i32) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 86b93a010d8a..051b6dff1848 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -196,8 +196,14 @@ typedef struct DisasContext { STUB_HELPER(clgi, TCGv_env env) STUB_HELPER(flush_page, TCGv_env env, TCGv addr) STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs) +STUB_HELPER(inb, TCGv ret, TCGv_env env, TCGv_i32 port) +STUB_HELPER(inw, TCGv ret, TCGv_env env, TCGv_i32 port) +STUB_HELPER(inl, TCGv ret, TCGv_env env, TCGv_i32 port) STUB_HELPER(monitor, TCGv_env env, TCGv addr) STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs) +STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val) +STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val) +STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(rdmsr, TCGv_env env) STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) diff --git a/target/i386/tcg/user/meson.build b/target/i386/tcg/user/meson.build index 3555b15bdd97..1df6bc434393 100644 --- a/target/i386/tcg/user/meson.build +++ b/target/i386/tcg/user/meson.build @@ -1,5 +1,4 @@ i386_user_ss.add(when: ['CONFIG_TCG', 'CONFIG_USER_ONLY'], if_true: files( 'excp_helper.c', - 'misc_stubs.c', 'seg_helper.c', )) diff --git a/target/i386/tcg/user/misc_stubs.c b/target/i386/tcg/user/misc_stubs.c deleted file mode 100644 index df38b44d6e21..000000000000 --- a/target/i386/tcg/user/misc_stubs.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * x86 misc helpers - * - * Copyright (c) 2003 Fabrice Bellard - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, see . - */ - -#include "qemu/osdep.h" -#include "cpu.h" -#include "exec/helper-proto.h" - -void helper_outb(CPUX86State *env, uint32_t port, uint32_t data) -{ - g_assert_not_reached(); -} - -target_ulong helper_inb(CPUX86State *env, uint32_t port) -{ - g_assert_not_reached(); - return 0; -} - -void helper_outw(CPUX86State *env, uint32_t port, uint32_t data) -{ - g_assert_not_reached(); -} - -target_ulong helper_inw(CPUX86State *env, uint32_t port) -{ - g_assert_not_reached(); - return 0; -} - -void helper_outl(CPUX86State *env, uint32_t port, uint32_t data) -{ - g_assert_not_reached(); -} - -target_ulong helper_inl(CPUX86State *env, uint32_t port) -{ - g_assert_not_reached(); - return 0; -}