target/i386: Implement access and limit checks

Check that (most) memory accesses by the guest are within the
appropriate segment limits and, for protected mode, check that writes
are to writable segments.

Signed-off-by: Stephen Checkoway <stephen.checkoway@oberlin.edu>

target/i386/helper.h

@@ -29,6 +29,9 @@ DEF_HELPER_1(aas, void, env)
 DEF_HELPER_1(daa, void, env)
 DEF_HELPER_1(das, void, env)
 
+DEF_HELPER_4(limit_check, void, env, tl, i32, i32)
+DEF_HELPER_4(limit_write_check, void, env, tl, i32, i32)
+
 DEF_HELPER_2(lsl, tl, env, tl)
 DEF_HELPER_2(lar, tl, env, tl)
 DEF_HELPER_2(verr, void, env, tl)

target/i386/seg_helper.c

@@ -2441,6 +2441,38 @@ void helper_sysexit(CPUX86State *env, int dflag)
     env->eip = env->regs[R_EDX];
 }
 
+void helper_limit_check(CPUX86State *env, target_ulong offset, uint32_t seg,
+                        uint32_t access_limit)
+{
+    uint32_t flags = env->segs[seg].flags;
+    uint32_t limit = env->segs[seg].limit;
+    if ((flags & DESC_CS_MASK) || !(flags & DESC_E_MASK)) {
+        /* Code segment or normal data segment. */
+        if (likely(access_limit <= limit) &&
+            likely(offset <= limit - access_limit)) {
+            return;
+        }
+    } else {
+        /* Expand down data segment. */
+        if (likely(offset <= 0xffffffff - access_limit) &&
+            likely(offset > limit)) {
+            return;
+        }
+    }
+    raise_exception(env, seg == R_SS ? EXCP0C_STACK : EXCP0D_GPF);
+}
+
+void helper_limit_write_check(CPUX86State *env, target_ulong offset,
+                              uint32_t seg, uint32_t access_limit)
+{
+    if (likely((env->segs[seg].flags & (DESC_CS_MASK | DESC_W_MASK)) ==
+               DESC_W_MASK)) {
+        helper_limit_check(env, offset, seg, access_limit);
+        return;
+    }
+    raise_exception(env, EXCP0D_GPF);
+}
+
 target_ulong helper_lsl(CPUX86State *env, target_ulong selector1)
 {
     unsigned int limit;