xref: /openbmc/qemu/target/i386/helper.c (revision 58ea30f5)
1 /*
2  *  i386 helpers (without register variable usage)
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "cpu.h"
22 #include "exec/exec-all.h"
23 #include "qemu/qemu-print.h"
24 #include "sysemu/kvm.h"
25 #include "kvm_i386.h"
26 #ifndef CONFIG_USER_ONLY
27 #include "sysemu/sysemu.h"
28 #include "sysemu/hw_accel.h"
29 #include "monitor/monitor.h"
30 #include "hw/i386/apic_internal.h"
31 #endif
32 
33 void cpu_sync_bndcs_hflags(CPUX86State *env)
34 {
35     uint32_t hflags = env->hflags;
36     uint32_t hflags2 = env->hflags2;
37     uint32_t bndcsr;
38 
39     if ((hflags & HF_CPL_MASK) == 3) {
40         bndcsr = env->bndcs_regs.cfgu;
41     } else {
42         bndcsr = env->msr_bndcfgs;
43     }
44 
45     if ((env->cr[4] & CR4_OSXSAVE_MASK)
46         && (env->xcr0 & XSTATE_BNDCSR_MASK)
47         && (bndcsr & BNDCFG_ENABLE)) {
48         hflags |= HF_MPX_EN_MASK;
49     } else {
50         hflags &= ~HF_MPX_EN_MASK;
51     }
52 
53     if (bndcsr & BNDCFG_BNDPRESERVE) {
54         hflags2 |= HF2_MPX_PR_MASK;
55     } else {
56         hflags2 &= ~HF2_MPX_PR_MASK;
57     }
58 
59     env->hflags = hflags;
60     env->hflags2 = hflags2;
61 }
62 
63 static void cpu_x86_version(CPUX86State *env, int *family, int *model)
64 {
65     int cpuver = env->cpuid_version;
66 
67     if (family == NULL || model == NULL) {
68         return;
69     }
70 
71     *family = (cpuver >> 8) & 0x0f;
72     *model = ((cpuver >> 12) & 0xf0) + ((cpuver >> 4) & 0x0f);
73 }
74 
75 /* Broadcast MCA signal for processor version 06H_EH and above */
76 int cpu_x86_support_mca_broadcast(CPUX86State *env)
77 {
78     int family = 0;
79     int model = 0;
80 
81     cpu_x86_version(env, &family, &model);
82     if ((family == 6 && model >= 14) || family > 6) {
83         return 1;
84     }
85 
86     return 0;
87 }
88 
89 /***********************************************************/
90 /* x86 debug */
91 
92 static const char *cc_op_str[CC_OP_NB] = {
93     "DYNAMIC",
94     "EFLAGS",
95 
96     "MULB",
97     "MULW",
98     "MULL",
99     "MULQ",
100 
101     "ADDB",
102     "ADDW",
103     "ADDL",
104     "ADDQ",
105 
106     "ADCB",
107     "ADCW",
108     "ADCL",
109     "ADCQ",
110 
111     "SUBB",
112     "SUBW",
113     "SUBL",
114     "SUBQ",
115 
116     "SBBB",
117     "SBBW",
118     "SBBL",
119     "SBBQ",
120 
121     "LOGICB",
122     "LOGICW",
123     "LOGICL",
124     "LOGICQ",
125 
126     "INCB",
127     "INCW",
128     "INCL",
129     "INCQ",
130 
131     "DECB",
132     "DECW",
133     "DECL",
134     "DECQ",
135 
136     "SHLB",
137     "SHLW",
138     "SHLL",
139     "SHLQ",
140 
141     "SARB",
142     "SARW",
143     "SARL",
144     "SARQ",
145 
146     "BMILGB",
147     "BMILGW",
148     "BMILGL",
149     "BMILGQ",
150 
151     "ADCX",
152     "ADOX",
153     "ADCOX",
154 
155     "CLR",
156 };
157 
158 static void
159 cpu_x86_dump_seg_cache(CPUX86State *env, FILE *f,
160                        const char *name, struct SegmentCache *sc)
161 {
162 #ifdef TARGET_X86_64
163     if (env->hflags & HF_CS64_MASK) {
164         qemu_fprintf(f, "%-3s=%04x %016" PRIx64 " %08x %08x", name,
165                      sc->selector, sc->base, sc->limit,
166                      sc->flags & 0x00ffff00);
167     } else
168 #endif
169     {
170         qemu_fprintf(f, "%-3s=%04x %08x %08x %08x", name, sc->selector,
171                      (uint32_t)sc->base, sc->limit,
172                      sc->flags & 0x00ffff00);
173     }
174 
175     if (!(env->hflags & HF_PE_MASK) || !(sc->flags & DESC_P_MASK))
176         goto done;
177 
178     qemu_fprintf(f, " DPL=%d ",
179                  (sc->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT);
180     if (sc->flags & DESC_S_MASK) {
181         if (sc->flags & DESC_CS_MASK) {
182             qemu_fprintf(f, (sc->flags & DESC_L_MASK) ? "CS64" :
183                          ((sc->flags & DESC_B_MASK) ? "CS32" : "CS16"));
184             qemu_fprintf(f, " [%c%c", (sc->flags & DESC_C_MASK) ? 'C' : '-',
185                          (sc->flags & DESC_R_MASK) ? 'R' : '-');
186         } else {
187             qemu_fprintf(f, (sc->flags & DESC_B_MASK
188                              || env->hflags & HF_LMA_MASK)
189                          ? "DS  " : "DS16");
190             qemu_fprintf(f, " [%c%c", (sc->flags & DESC_E_MASK) ? 'E' : '-',
191                          (sc->flags & DESC_W_MASK) ? 'W' : '-');
192         }
193         qemu_fprintf(f, "%c]", (sc->flags & DESC_A_MASK) ? 'A' : '-');
194     } else {
195         static const char *sys_type_name[2][16] = {
196             { /* 32 bit mode */
197                 "Reserved", "TSS16-avl", "LDT", "TSS16-busy",
198                 "CallGate16", "TaskGate", "IntGate16", "TrapGate16",
199                 "Reserved", "TSS32-avl", "Reserved", "TSS32-busy",
200                 "CallGate32", "Reserved", "IntGate32", "TrapGate32"
201             },
202             { /* 64 bit mode */
203                 "<hiword>", "Reserved", "LDT", "Reserved", "Reserved",
204                 "Reserved", "Reserved", "Reserved", "Reserved",
205                 "TSS64-avl", "Reserved", "TSS64-busy", "CallGate64",
206                 "Reserved", "IntGate64", "TrapGate64"
207             }
208         };
209         qemu_fprintf(f, "%s",
210                      sys_type_name[(env->hflags & HF_LMA_MASK) ? 1 : 0]
211                      [(sc->flags & DESC_TYPE_MASK) >> DESC_TYPE_SHIFT]);
212     }
213 done:
214     qemu_fprintf(f, "\n");
215 }
216 
217 #ifndef CONFIG_USER_ONLY
218 
219 /* ARRAY_SIZE check is not required because
220  * DeliveryMode(dm) has a size of 3 bit.
221  */
222 static inline const char *dm2str(uint32_t dm)
223 {
224     static const char *str[] = {
225         "Fixed",
226         "...",
227         "SMI",
228         "...",
229         "NMI",
230         "INIT",
231         "...",
232         "ExtINT"
233     };
234     return str[dm];
235 }
236 
237 static void dump_apic_lvt(const char *name, uint32_t lvt, bool is_timer)
238 {
239     uint32_t dm = (lvt & APIC_LVT_DELIV_MOD) >> APIC_LVT_DELIV_MOD_SHIFT;
240     qemu_printf("%s\t 0x%08x %s %-5s %-6s %-7s %-12s %-6s",
241                 name, lvt,
242                 lvt & APIC_LVT_INT_POLARITY ? "active-lo" : "active-hi",
243                 lvt & APIC_LVT_LEVEL_TRIGGER ? "level" : "edge",
244                 lvt & APIC_LVT_MASKED ? "masked" : "",
245                 lvt & APIC_LVT_DELIV_STS ? "pending" : "",
246                 !is_timer ?
247                     "" : lvt & APIC_LVT_TIMER_PERIODIC ?
248                             "periodic" : lvt & APIC_LVT_TIMER_TSCDEADLINE ?
249                                             "tsc-deadline" : "one-shot",
250                 dm2str(dm));
251     if (dm != APIC_DM_NMI) {
252         qemu_printf(" (vec %u)\n", lvt & APIC_VECTOR_MASK);
253     } else {
254         qemu_printf("\n");
255     }
256 }
257 
258 /* ARRAY_SIZE check is not required because
259  * destination shorthand has a size of 2 bit.
260  */
261 static inline const char *shorthand2str(uint32_t shorthand)
262 {
263     const char *str[] = {
264         "no-shorthand", "self", "all-self", "all"
265     };
266     return str[shorthand];
267 }
268 
269 static inline uint8_t divider_conf(uint32_t divide_conf)
270 {
271     uint8_t divide_val = ((divide_conf & 0x8) >> 1) | (divide_conf & 0x3);
272 
273     return divide_val == 7 ? 1 : 2 << divide_val;
274 }
275 
276 static inline void mask2str(char *str, uint32_t val, uint8_t size)
277 {
278     while (size--) {
279         *str++ = (val >> size) & 1 ? '1' : '0';
280     }
281     *str = 0;
282 }
283 
284 #define MAX_LOGICAL_APIC_ID_MASK_SIZE 16
285 
286 static void dump_apic_icr(APICCommonState *s, CPUX86State *env)
287 {
288     uint32_t icr = s->icr[0], icr2 = s->icr[1];
289     uint8_t dest_shorthand = \
290         (icr & APIC_ICR_DEST_SHORT) >> APIC_ICR_DEST_SHORT_SHIFT;
291     bool logical_mod = icr & APIC_ICR_DEST_MOD;
292     char apic_id_str[MAX_LOGICAL_APIC_ID_MASK_SIZE + 1];
293     uint32_t dest_field;
294     bool x2apic;
295 
296     qemu_printf("ICR\t 0x%08x %s %s %s %s\n",
297                 icr,
298                 logical_mod ? "logical" : "physical",
299                 icr & APIC_ICR_TRIGGER_MOD ? "level" : "edge",
300                 icr & APIC_ICR_LEVEL ? "assert" : "de-assert",
301                 shorthand2str(dest_shorthand));
302 
303     qemu_printf("ICR2\t 0x%08x", icr2);
304     if (dest_shorthand != 0) {
305         qemu_printf("\n");
306         return;
307     }
308     x2apic = env->features[FEAT_1_ECX] & CPUID_EXT_X2APIC;
309     dest_field = x2apic ? icr2 : icr2 >> APIC_ICR_DEST_SHIFT;
310 
311     if (!logical_mod) {
312         if (x2apic) {
313             qemu_printf(" cpu %u (X2APIC ID)\n", dest_field);
314         } else {
315             qemu_printf(" cpu %u (APIC ID)\n",
316                         dest_field & APIC_LOGDEST_XAPIC_ID);
317         }
318         return;
319     }
320 
321     if (s->dest_mode == 0xf) { /* flat mode */
322         mask2str(apic_id_str, icr2 >> APIC_ICR_DEST_SHIFT, 8);
323         qemu_printf(" mask %s (APIC ID)\n", apic_id_str);
324     } else if (s->dest_mode == 0) { /* cluster mode */
325         if (x2apic) {
326             mask2str(apic_id_str, dest_field & APIC_LOGDEST_X2APIC_ID, 16);
327             qemu_printf(" cluster %u mask %s (X2APIC ID)\n",
328                         dest_field >> APIC_LOGDEST_X2APIC_SHIFT, apic_id_str);
329         } else {
330             mask2str(apic_id_str, dest_field & APIC_LOGDEST_XAPIC_ID, 4);
331             qemu_printf(" cluster %u mask %s (APIC ID)\n",
332                         dest_field >> APIC_LOGDEST_XAPIC_SHIFT, apic_id_str);
333         }
334     }
335 }
336 
337 static void dump_apic_interrupt(const char *name, uint32_t *ireg_tab,
338                                 uint32_t *tmr_tab)
339 {
340     int i, empty = true;
341 
342     qemu_printf("%s\t ", name);
343     for (i = 0; i < 256; i++) {
344         if (apic_get_bit(ireg_tab, i)) {
345             qemu_printf("%u%s ", i,
346                         apic_get_bit(tmr_tab, i) ? "(level)" : "");
347             empty = false;
348         }
349     }
350     qemu_printf("%s\n", empty ? "(none)" : "");
351 }
352 
353 void x86_cpu_dump_local_apic_state(CPUState *cs, int flags)
354 {
355     X86CPU *cpu = X86_CPU(cs);
356     APICCommonState *s = APIC_COMMON(cpu->apic_state);
357     if (!s) {
358         qemu_printf("local apic state not available\n");
359         return;
360     }
361     uint32_t *lvt = s->lvt;
362 
363     qemu_printf("dumping local APIC state for CPU %-2u\n\n",
364                 CPU(cpu)->cpu_index);
365     dump_apic_lvt("LVT0", lvt[APIC_LVT_LINT0], false);
366     dump_apic_lvt("LVT1", lvt[APIC_LVT_LINT1], false);
367     dump_apic_lvt("LVTPC", lvt[APIC_LVT_PERFORM], false);
368     dump_apic_lvt("LVTERR", lvt[APIC_LVT_ERROR], false);
369     dump_apic_lvt("LVTTHMR", lvt[APIC_LVT_THERMAL], false);
370     dump_apic_lvt("LVTT", lvt[APIC_LVT_TIMER], true);
371 
372     qemu_printf("Timer\t DCR=0x%x (divide by %u) initial_count = %u\n",
373                 s->divide_conf & APIC_DCR_MASK,
374                 divider_conf(s->divide_conf),
375                 s->initial_count);
376 
377     qemu_printf("SPIV\t 0x%08x APIC %s, focus=%s, spurious vec %u\n",
378                 s->spurious_vec,
379                 s->spurious_vec & APIC_SPURIO_ENABLED ? "enabled" : "disabled",
380                 s->spurious_vec & APIC_SPURIO_FOCUS ? "on" : "off",
381                 s->spurious_vec & APIC_VECTOR_MASK);
382 
383     dump_apic_icr(s, &cpu->env);
384 
385     qemu_printf("ESR\t 0x%08x\n", s->esr);
386 
387     dump_apic_interrupt("ISR", s->isr, s->tmr);
388     dump_apic_interrupt("IRR", s->irr, s->tmr);
389 
390     qemu_printf("\nAPR 0x%02x TPR 0x%02x DFR 0x%02x LDR 0x%02x",
391                 s->arb_id, s->tpr, s->dest_mode, s->log_dest);
392     if (s->dest_mode == 0) {
393         qemu_printf("(cluster %u: id %u)",
394                     s->log_dest >> APIC_LOGDEST_XAPIC_SHIFT,
395                     s->log_dest & APIC_LOGDEST_XAPIC_ID);
396     }
397     qemu_printf(" PPR 0x%02x\n", apic_get_ppr(s));
398 }
399 #else
400 void x86_cpu_dump_local_apic_state(CPUState *cs, int flags)
401 {
402 }
403 #endif /* !CONFIG_USER_ONLY */
404 
405 #define DUMP_CODE_BYTES_TOTAL    50
406 #define DUMP_CODE_BYTES_BACKWARD 20
407 
408 void x86_cpu_dump_state(CPUState *cs, FILE *f, int flags)
409 {
410     X86CPU *cpu = X86_CPU(cs);
411     CPUX86State *env = &cpu->env;
412     int eflags, i, nb;
413     char cc_op_name[32];
414     static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
415 
416     eflags = cpu_compute_eflags(env);
417 #ifdef TARGET_X86_64
418     if (env->hflags & HF_CS64_MASK) {
419         qemu_fprintf(f, "RAX=%016" PRIx64 " RBX=%016" PRIx64 " RCX=%016" PRIx64 " RDX=%016" PRIx64 "\n"
420                      "RSI=%016" PRIx64 " RDI=%016" PRIx64 " RBP=%016" PRIx64 " RSP=%016" PRIx64 "\n"
421                      "R8 =%016" PRIx64 " R9 =%016" PRIx64 " R10=%016" PRIx64 " R11=%016" PRIx64 "\n"
422                      "R12=%016" PRIx64 " R13=%016" PRIx64 " R14=%016" PRIx64 " R15=%016" PRIx64 "\n"
423                      "RIP=%016" PRIx64 " RFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
424                      env->regs[R_EAX],
425                      env->regs[R_EBX],
426                      env->regs[R_ECX],
427                      env->regs[R_EDX],
428                      env->regs[R_ESI],
429                      env->regs[R_EDI],
430                      env->regs[R_EBP],
431                      env->regs[R_ESP],
432                      env->regs[8],
433                      env->regs[9],
434                      env->regs[10],
435                      env->regs[11],
436                      env->regs[12],
437                      env->regs[13],
438                      env->regs[14],
439                      env->regs[15],
440                      env->eip, eflags,
441                      eflags & DF_MASK ? 'D' : '-',
442                      eflags & CC_O ? 'O' : '-',
443                      eflags & CC_S ? 'S' : '-',
444                      eflags & CC_Z ? 'Z' : '-',
445                      eflags & CC_A ? 'A' : '-',
446                      eflags & CC_P ? 'P' : '-',
447                      eflags & CC_C ? 'C' : '-',
448                      env->hflags & HF_CPL_MASK,
449                      (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
450                      (env->a20_mask >> 20) & 1,
451                      (env->hflags >> HF_SMM_SHIFT) & 1,
452                      cs->halted);
453     } else
454 #endif
455     {
456         qemu_fprintf(f, "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n"
457                      "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n"
458                      "EIP=%08x EFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
459                      (uint32_t)env->regs[R_EAX],
460                      (uint32_t)env->regs[R_EBX],
461                      (uint32_t)env->regs[R_ECX],
462                      (uint32_t)env->regs[R_EDX],
463                      (uint32_t)env->regs[R_ESI],
464                      (uint32_t)env->regs[R_EDI],
465                      (uint32_t)env->regs[R_EBP],
466                      (uint32_t)env->regs[R_ESP],
467                      (uint32_t)env->eip, eflags,
468                      eflags & DF_MASK ? 'D' : '-',
469                      eflags & CC_O ? 'O' : '-',
470                      eflags & CC_S ? 'S' : '-',
471                      eflags & CC_Z ? 'Z' : '-',
472                      eflags & CC_A ? 'A' : '-',
473                      eflags & CC_P ? 'P' : '-',
474                      eflags & CC_C ? 'C' : '-',
475                      env->hflags & HF_CPL_MASK,
476                      (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
477                      (env->a20_mask >> 20) & 1,
478                      (env->hflags >> HF_SMM_SHIFT) & 1,
479                      cs->halted);
480     }
481 
482     for(i = 0; i < 6; i++) {
483         cpu_x86_dump_seg_cache(env, f, seg_name[i], &env->segs[i]);
484     }
485     cpu_x86_dump_seg_cache(env, f, "LDT", &env->ldt);
486     cpu_x86_dump_seg_cache(env, f, "TR", &env->tr);
487 
488 #ifdef TARGET_X86_64
489     if (env->hflags & HF_LMA_MASK) {
490         qemu_fprintf(f, "GDT=     %016" PRIx64 " %08x\n",
491                      env->gdt.base, env->gdt.limit);
492         qemu_fprintf(f, "IDT=     %016" PRIx64 " %08x\n",
493                      env->idt.base, env->idt.limit);
494         qemu_fprintf(f, "CR0=%08x CR2=%016" PRIx64 " CR3=%016" PRIx64 " CR4=%08x\n",
495                      (uint32_t)env->cr[0],
496                      env->cr[2],
497                      env->cr[3],
498                      (uint32_t)env->cr[4]);
499         for(i = 0; i < 4; i++)
500             qemu_fprintf(f, "DR%d=%016" PRIx64 " ", i, env->dr[i]);
501         qemu_fprintf(f, "\nDR6=%016" PRIx64 " DR7=%016" PRIx64 "\n",
502                      env->dr[6], env->dr[7]);
503     } else
504 #endif
505     {
506         qemu_fprintf(f, "GDT=     %08x %08x\n",
507                      (uint32_t)env->gdt.base, env->gdt.limit);
508         qemu_fprintf(f, "IDT=     %08x %08x\n",
509                      (uint32_t)env->idt.base, env->idt.limit);
510         qemu_fprintf(f, "CR0=%08x CR2=%08x CR3=%08x CR4=%08x\n",
511                      (uint32_t)env->cr[0],
512                      (uint32_t)env->cr[2],
513                      (uint32_t)env->cr[3],
514                      (uint32_t)env->cr[4]);
515         for(i = 0; i < 4; i++) {
516             qemu_fprintf(f, "DR%d=" TARGET_FMT_lx " ", i, env->dr[i]);
517         }
518         qemu_fprintf(f, "\nDR6=" TARGET_FMT_lx " DR7=" TARGET_FMT_lx "\n",
519                      env->dr[6], env->dr[7]);
520     }
521     if (flags & CPU_DUMP_CCOP) {
522         if ((unsigned)env->cc_op < CC_OP_NB)
523             snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]);
524         else
525             snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op);
526 #ifdef TARGET_X86_64
527         if (env->hflags & HF_CS64_MASK) {
528             qemu_fprintf(f, "CCS=%016" PRIx64 " CCD=%016" PRIx64 " CCO=%-8s\n",
529                          env->cc_src, env->cc_dst,
530                          cc_op_name);
531         } else
532 #endif
533         {
534             qemu_fprintf(f, "CCS=%08x CCD=%08x CCO=%-8s\n",
535                          (uint32_t)env->cc_src, (uint32_t)env->cc_dst,
536                          cc_op_name);
537         }
538     }
539     qemu_fprintf(f, "EFER=%016" PRIx64 "\n", env->efer);
540     if (flags & CPU_DUMP_FPU) {
541         int fptag;
542         fptag = 0;
543         for(i = 0; i < 8; i++) {
544             fptag |= ((!env->fptags[i]) << i);
545         }
546         qemu_fprintf(f, "FCW=%04x FSW=%04x [ST=%d] FTW=%02x MXCSR=%08x\n",
547                      env->fpuc,
548                      (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11,
549                      env->fpstt,
550                      fptag,
551                      env->mxcsr);
552         for(i=0;i<8;i++) {
553             CPU_LDoubleU u;
554             u.d = env->fpregs[i].d;
555             qemu_fprintf(f, "FPR%d=%016" PRIx64 " %04x",
556                          i, u.l.lower, u.l.upper);
557             if ((i & 1) == 1)
558                 qemu_fprintf(f, "\n");
559             else
560                 qemu_fprintf(f, " ");
561         }
562         if (env->hflags & HF_CS64_MASK)
563             nb = 16;
564         else
565             nb = 8;
566         for(i=0;i<nb;i++) {
567             qemu_fprintf(f, "XMM%02d=%08x%08x%08x%08x",
568                          i,
569                          env->xmm_regs[i].ZMM_L(3),
570                          env->xmm_regs[i].ZMM_L(2),
571                          env->xmm_regs[i].ZMM_L(1),
572                          env->xmm_regs[i].ZMM_L(0));
573             if ((i & 1) == 1)
574                 qemu_fprintf(f, "\n");
575             else
576                 qemu_fprintf(f, " ");
577         }
578     }
579     if (flags & CPU_DUMP_CODE) {
580         target_ulong base = env->segs[R_CS].base + env->eip;
581         target_ulong offs = MIN(env->eip, DUMP_CODE_BYTES_BACKWARD);
582         uint8_t code;
583         char codestr[3];
584 
585         qemu_fprintf(f, "Code=");
586         for (i = 0; i < DUMP_CODE_BYTES_TOTAL; i++) {
587             if (cpu_memory_rw_debug(cs, base - offs + i, &code, 1, 0) == 0) {
588                 snprintf(codestr, sizeof(codestr), "%02x", code);
589             } else {
590                 snprintf(codestr, sizeof(codestr), "??");
591             }
592             qemu_fprintf(f, "%s%s%s%s", i > 0 ? " " : "",
593                          i == offs ? "<" : "", codestr, i == offs ? ">" : "");
594         }
595         qemu_fprintf(f, "\n");
596     }
597 }
598 
599 /***********************************************************/
600 /* x86 mmu */
601 /* XXX: add PGE support */
602 
603 void x86_cpu_set_a20(X86CPU *cpu, int a20_state)
604 {
605     CPUX86State *env = &cpu->env;
606 
607     a20_state = (a20_state != 0);
608     if (a20_state != ((env->a20_mask >> 20) & 1)) {
609         CPUState *cs = CPU(cpu);
610 
611         qemu_log_mask(CPU_LOG_MMU, "A20 update: a20=%d\n", a20_state);
612         /* if the cpu is currently executing code, we must unlink it and
613            all the potentially executing TB */
614         cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
615 
616         /* when a20 is changed, all the MMU mappings are invalid, so
617            we must flush everything */
618         tlb_flush(cs);
619         env->a20_mask = ~(1 << 20) | (a20_state << 20);
620     }
621 }
622 
623 void cpu_x86_update_cr0(CPUX86State *env, uint32_t new_cr0)
624 {
625     X86CPU *cpu = x86_env_get_cpu(env);
626     int pe_state;
627 
628     qemu_log_mask(CPU_LOG_MMU, "CR0 update: CR0=0x%08x\n", new_cr0);
629     if ((new_cr0 & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK)) !=
630         (env->cr[0] & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK))) {
631         tlb_flush(CPU(cpu));
632     }
633 
634 #ifdef TARGET_X86_64
635     if (!(env->cr[0] & CR0_PG_MASK) && (new_cr0 & CR0_PG_MASK) &&
636         (env->efer & MSR_EFER_LME)) {
637         /* enter in long mode */
638         /* XXX: generate an exception */
639         if (!(env->cr[4] & CR4_PAE_MASK))
640             return;
641         env->efer |= MSR_EFER_LMA;
642         env->hflags |= HF_LMA_MASK;
643     } else if ((env->cr[0] & CR0_PG_MASK) && !(new_cr0 & CR0_PG_MASK) &&
644                (env->efer & MSR_EFER_LMA)) {
645         /* exit long mode */
646         env->efer &= ~MSR_EFER_LMA;
647         env->hflags &= ~(HF_LMA_MASK | HF_CS64_MASK);
648         env->eip &= 0xffffffff;
649     }
650 #endif
651     env->cr[0] = new_cr0 | CR0_ET_MASK;
652 
653     /* update PE flag in hidden flags */
654     pe_state = (env->cr[0] & CR0_PE_MASK);
655     env->hflags = (env->hflags & ~HF_PE_MASK) | (pe_state << HF_PE_SHIFT);
656     /* ensure that ADDSEG is always set in real mode */
657     env->hflags |= ((pe_state ^ 1) << HF_ADDSEG_SHIFT);
658     /* update FPU flags */
659     env->hflags = (env->hflags & ~(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK)) |
660         ((new_cr0 << (HF_MP_SHIFT - 1)) & (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK));
661 }
662 
663 /* XXX: in legacy PAE mode, generate a GPF if reserved bits are set in
664    the PDPT */
665 void cpu_x86_update_cr3(CPUX86State *env, target_ulong new_cr3)
666 {
667     X86CPU *cpu = x86_env_get_cpu(env);
668 
669     env->cr[3] = new_cr3;
670     if (env->cr[0] & CR0_PG_MASK) {
671         qemu_log_mask(CPU_LOG_MMU,
672                         "CR3 update: CR3=" TARGET_FMT_lx "\n", new_cr3);
673         tlb_flush(CPU(cpu));
674     }
675 }
676 
677 void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
678 {
679     X86CPU *cpu = x86_env_get_cpu(env);
680     uint32_t hflags;
681 
682 #if defined(DEBUG_MMU)
683     printf("CR4 update: %08x -> %08x\n", (uint32_t)env->cr[4], new_cr4);
684 #endif
685     if ((new_cr4 ^ env->cr[4]) &
686         (CR4_PGE_MASK | CR4_PAE_MASK | CR4_PSE_MASK |
687          CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_LA57_MASK)) {
688         tlb_flush(CPU(cpu));
689     }
690 
691     /* Clear bits we're going to recompute.  */
692     hflags = env->hflags & ~(HF_OSFXSR_MASK | HF_SMAP_MASK);
693 
694     /* SSE handling */
695     if (!(env->features[FEAT_1_EDX] & CPUID_SSE)) {
696         new_cr4 &= ~CR4_OSFXSR_MASK;
697     }
698     if (new_cr4 & CR4_OSFXSR_MASK) {
699         hflags |= HF_OSFXSR_MASK;
700     }
701 
702     if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SMAP)) {
703         new_cr4 &= ~CR4_SMAP_MASK;
704     }
705     if (new_cr4 & CR4_SMAP_MASK) {
706         hflags |= HF_SMAP_MASK;
707     }
708 
709     if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKU)) {
710         new_cr4 &= ~CR4_PKE_MASK;
711     }
712 
713     env->cr[4] = new_cr4;
714     env->hflags = hflags;
715 
716     cpu_sync_bndcs_hflags(env);
717 }
718 
719 #if !defined(CONFIG_USER_ONLY)
720 hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
721 {
722     X86CPU *cpu = X86_CPU(cs);
723     CPUX86State *env = &cpu->env;
724     target_ulong pde_addr, pte_addr;
725     uint64_t pte;
726     int32_t a20_mask;
727     uint32_t page_offset;
728     int page_size;
729 
730     a20_mask = x86_get_a20_mask(env);
731     if (!(env->cr[0] & CR0_PG_MASK)) {
732         pte = addr & a20_mask;
733         page_size = 4096;
734     } else if (env->cr[4] & CR4_PAE_MASK) {
735         target_ulong pdpe_addr;
736         uint64_t pde, pdpe;
737 
738 #ifdef TARGET_X86_64
739         if (env->hflags & HF_LMA_MASK) {
740             bool la57 = env->cr[4] & CR4_LA57_MASK;
741             uint64_t pml5e_addr, pml5e;
742             uint64_t pml4e_addr, pml4e;
743             int32_t sext;
744 
745             /* test virtual address sign extension */
746             sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47;
747             if (sext != 0 && sext != -1) {
748                 return -1;
749             }
750 
751             if (la57) {
752                 pml5e_addr = ((env->cr[3] & ~0xfff) +
753                         (((addr >> 48) & 0x1ff) << 3)) & a20_mask;
754                 pml5e = x86_ldq_phys(cs, pml5e_addr);
755                 if (!(pml5e & PG_PRESENT_MASK)) {
756                     return -1;
757                 }
758             } else {
759                 pml5e = env->cr[3];
760             }
761 
762             pml4e_addr = ((pml5e & PG_ADDRESS_MASK) +
763                     (((addr >> 39) & 0x1ff) << 3)) & a20_mask;
764             pml4e = x86_ldq_phys(cs, pml4e_addr);
765             if (!(pml4e & PG_PRESENT_MASK)) {
766                 return -1;
767             }
768             pdpe_addr = ((pml4e & PG_ADDRESS_MASK) +
769                          (((addr >> 30) & 0x1ff) << 3)) & a20_mask;
770             pdpe = x86_ldq_phys(cs, pdpe_addr);
771             if (!(pdpe & PG_PRESENT_MASK)) {
772                 return -1;
773             }
774             if (pdpe & PG_PSE_MASK) {
775                 page_size = 1024 * 1024 * 1024;
776                 pte = pdpe;
777                 goto out;
778             }
779 
780         } else
781 #endif
782         {
783             pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
784                 a20_mask;
785             pdpe = x86_ldq_phys(cs, pdpe_addr);
786             if (!(pdpe & PG_PRESENT_MASK))
787                 return -1;
788         }
789 
790         pde_addr = ((pdpe & PG_ADDRESS_MASK) +
791                     (((addr >> 21) & 0x1ff) << 3)) & a20_mask;
792         pde = x86_ldq_phys(cs, pde_addr);
793         if (!(pde & PG_PRESENT_MASK)) {
794             return -1;
795         }
796         if (pde & PG_PSE_MASK) {
797             /* 2 MB page */
798             page_size = 2048 * 1024;
799             pte = pde;
800         } else {
801             /* 4 KB page */
802             pte_addr = ((pde & PG_ADDRESS_MASK) +
803                         (((addr >> 12) & 0x1ff) << 3)) & a20_mask;
804             page_size = 4096;
805             pte = x86_ldq_phys(cs, pte_addr);
806         }
807         if (!(pte & PG_PRESENT_MASK)) {
808             return -1;
809         }
810     } else {
811         uint32_t pde;
812 
813         /* page directory entry */
814         pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
815         pde = x86_ldl_phys(cs, pde_addr);
816         if (!(pde & PG_PRESENT_MASK))
817             return -1;
818         if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
819             pte = pde | ((pde & 0x1fe000LL) << (32 - 13));
820             page_size = 4096 * 1024;
821         } else {
822             /* page directory entry */
823             pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & a20_mask;
824             pte = x86_ldl_phys(cs, pte_addr);
825             if (!(pte & PG_PRESENT_MASK)) {
826                 return -1;
827             }
828             page_size = 4096;
829         }
830         pte = pte & a20_mask;
831     }
832 
833 #ifdef TARGET_X86_64
834 out:
835 #endif
836     pte &= PG_ADDRESS_MASK & ~(page_size - 1);
837     page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
838     return pte | page_offset;
839 }
840 
841 typedef struct MCEInjectionParams {
842     Monitor *mon;
843     int bank;
844     uint64_t status;
845     uint64_t mcg_status;
846     uint64_t addr;
847     uint64_t misc;
848     int flags;
849 } MCEInjectionParams;
850 
851 static void do_inject_x86_mce(CPUState *cs, run_on_cpu_data data)
852 {
853     MCEInjectionParams *params = data.host_ptr;
854     X86CPU *cpu = X86_CPU(cs);
855     CPUX86State *cenv = &cpu->env;
856     uint64_t *banks = cenv->mce_banks + 4 * params->bank;
857 
858     cpu_synchronize_state(cs);
859 
860     /*
861      * If there is an MCE exception being processed, ignore this SRAO MCE
862      * unless unconditional injection was requested.
863      */
864     if (!(params->flags & MCE_INJECT_UNCOND_AO)
865         && !(params->status & MCI_STATUS_AR)
866         && (cenv->mcg_status & MCG_STATUS_MCIP)) {
867         return;
868     }
869 
870     if (params->status & MCI_STATUS_UC) {
871         /*
872          * if MSR_MCG_CTL is not all 1s, the uncorrected error
873          * reporting is disabled
874          */
875         if ((cenv->mcg_cap & MCG_CTL_P) && cenv->mcg_ctl != ~(uint64_t)0) {
876             monitor_printf(params->mon,
877                            "CPU %d: Uncorrected error reporting disabled\n",
878                            cs->cpu_index);
879             return;
880         }
881 
882         /*
883          * if MSR_MCi_CTL is not all 1s, the uncorrected error
884          * reporting is disabled for the bank
885          */
886         if (banks[0] != ~(uint64_t)0) {
887             monitor_printf(params->mon,
888                            "CPU %d: Uncorrected error reporting disabled for"
889                            " bank %d\n",
890                            cs->cpu_index, params->bank);
891             return;
892         }
893 
894         if ((cenv->mcg_status & MCG_STATUS_MCIP) ||
895             !(cenv->cr[4] & CR4_MCE_MASK)) {
896             monitor_printf(params->mon,
897                            "CPU %d: Previous MCE still in progress, raising"
898                            " triple fault\n",
899                            cs->cpu_index);
900             qemu_log_mask(CPU_LOG_RESET, "Triple fault\n");
901             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
902             return;
903         }
904         if (banks[1] & MCI_STATUS_VAL) {
905             params->status |= MCI_STATUS_OVER;
906         }
907         banks[2] = params->addr;
908         banks[3] = params->misc;
909         cenv->mcg_status = params->mcg_status;
910         banks[1] = params->status;
911         cpu_interrupt(cs, CPU_INTERRUPT_MCE);
912     } else if (!(banks[1] & MCI_STATUS_VAL)
913                || !(banks[1] & MCI_STATUS_UC)) {
914         if (banks[1] & MCI_STATUS_VAL) {
915             params->status |= MCI_STATUS_OVER;
916         }
917         banks[2] = params->addr;
918         banks[3] = params->misc;
919         banks[1] = params->status;
920     } else {
921         banks[1] |= MCI_STATUS_OVER;
922     }
923 }
924 
925 void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
926                         uint64_t status, uint64_t mcg_status, uint64_t addr,
927                         uint64_t misc, int flags)
928 {
929     CPUState *cs = CPU(cpu);
930     CPUX86State *cenv = &cpu->env;
931     MCEInjectionParams params = {
932         .mon = mon,
933         .bank = bank,
934         .status = status,
935         .mcg_status = mcg_status,
936         .addr = addr,
937         .misc = misc,
938         .flags = flags,
939     };
940     unsigned bank_num = cenv->mcg_cap & 0xff;
941 
942     if (!cenv->mcg_cap) {
943         monitor_printf(mon, "MCE injection not supported\n");
944         return;
945     }
946     if (bank >= bank_num) {
947         monitor_printf(mon, "Invalid MCE bank number\n");
948         return;
949     }
950     if (!(status & MCI_STATUS_VAL)) {
951         monitor_printf(mon, "Invalid MCE status code\n");
952         return;
953     }
954     if ((flags & MCE_INJECT_BROADCAST)
955         && !cpu_x86_support_mca_broadcast(cenv)) {
956         monitor_printf(mon, "Guest CPU does not support MCA broadcast\n");
957         return;
958     }
959 
960     run_on_cpu(cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(&params));
961     if (flags & MCE_INJECT_BROADCAST) {
962         CPUState *other_cs;
963 
964         params.bank = 1;
965         params.status = MCI_STATUS_VAL | MCI_STATUS_UC;
966         params.mcg_status = MCG_STATUS_MCIP | MCG_STATUS_RIPV;
967         params.addr = 0;
968         params.misc = 0;
969         CPU_FOREACH(other_cs) {
970             if (other_cs == cs) {
971                 continue;
972             }
973             run_on_cpu(other_cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(&params));
974         }
975     }
976 }
977 
978 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
979 {
980     X86CPU *cpu = x86_env_get_cpu(env);
981     CPUState *cs = CPU(cpu);
982 
983     if (kvm_enabled() || whpx_enabled()) {
984         env->tpr_access_type = access;
985 
986         cpu_interrupt(cs, CPU_INTERRUPT_TPR);
987     } else if (tcg_enabled()) {
988         cpu_restore_state(cs, cs->mem_io_pc, false);
989 
990         apic_handle_tpr_access_report(cpu->apic_state, env->eip, access);
991     }
992 }
993 #endif /* !CONFIG_USER_ONLY */
994 
995 int cpu_x86_get_descr_debug(CPUX86State *env, unsigned int selector,
996                             target_ulong *base, unsigned int *limit,
997                             unsigned int *flags)
998 {
999     X86CPU *cpu = x86_env_get_cpu(env);
1000     CPUState *cs = CPU(cpu);
1001     SegmentCache *dt;
1002     target_ulong ptr;
1003     uint32_t e1, e2;
1004     int index;
1005 
1006     if (selector & 0x4)
1007         dt = &env->ldt;
1008     else
1009         dt = &env->gdt;
1010     index = selector & ~7;
1011     ptr = dt->base + index;
1012     if ((index + 7) > dt->limit
1013         || cpu_memory_rw_debug(cs, ptr, (uint8_t *)&e1, sizeof(e1), 0) != 0
1014         || cpu_memory_rw_debug(cs, ptr+4, (uint8_t *)&e2, sizeof(e2), 0) != 0)
1015         return 0;
1016 
1017     *base = ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
1018     *limit = (e1 & 0xffff) | (e2 & 0x000f0000);
1019     if (e2 & DESC_G_MASK)
1020         *limit = (*limit << 12) | 0xfff;
1021     *flags = e2;
1022 
1023     return 1;
1024 }
1025 
1026 #if !defined(CONFIG_USER_ONLY)
1027 void do_cpu_init(X86CPU *cpu)
1028 {
1029     CPUState *cs = CPU(cpu);
1030     CPUX86State *env = &cpu->env;
1031     CPUX86State *save = g_new(CPUX86State, 1);
1032     int sipi = cs->interrupt_request & CPU_INTERRUPT_SIPI;
1033 
1034     *save = *env;
1035 
1036     cpu_reset(cs);
1037     cs->interrupt_request = sipi;
1038     memcpy(&env->start_init_save, &save->start_init_save,
1039            offsetof(CPUX86State, end_init_save) -
1040            offsetof(CPUX86State, start_init_save));
1041     g_free(save);
1042 
1043     if (kvm_enabled()) {
1044         kvm_arch_do_init_vcpu(cpu);
1045     }
1046     apic_init_reset(cpu->apic_state);
1047 }
1048 
1049 void do_cpu_sipi(X86CPU *cpu)
1050 {
1051     apic_sipi(cpu->apic_state);
1052 }
1053 #else
1054 void do_cpu_init(X86CPU *cpu)
1055 {
1056 }
1057 void do_cpu_sipi(X86CPU *cpu)
1058 {
1059 }
1060 #endif
1061 
1062 /* Frob eflags into and out of the CPU temporary format.  */
1063 
1064 void x86_cpu_exec_enter(CPUState *cs)
1065 {
1066     X86CPU *cpu = X86_CPU(cs);
1067     CPUX86State *env = &cpu->env;
1068 
1069     CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
1070     env->df = 1 - (2 * ((env->eflags >> 10) & 1));
1071     CC_OP = CC_OP_EFLAGS;
1072     env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
1073 }
1074 
1075 void x86_cpu_exec_exit(CPUState *cs)
1076 {
1077     X86CPU *cpu = X86_CPU(cs);
1078     CPUX86State *env = &cpu->env;
1079 
1080     env->eflags = cpu_compute_eflags(env);
1081 }
1082 
1083 #ifndef CONFIG_USER_ONLY
1084 uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr)
1085 {
1086     X86CPU *cpu = X86_CPU(cs);
1087     CPUX86State *env = &cpu->env;
1088     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1089     AddressSpace *as = cpu_addressspace(cs, attrs);
1090 
1091     return address_space_ldub(as, addr, attrs, NULL);
1092 }
1093 
1094 uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr)
1095 {
1096     X86CPU *cpu = X86_CPU(cs);
1097     CPUX86State *env = &cpu->env;
1098     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1099     AddressSpace *as = cpu_addressspace(cs, attrs);
1100 
1101     return address_space_lduw(as, addr, attrs, NULL);
1102 }
1103 
1104 uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr)
1105 {
1106     X86CPU *cpu = X86_CPU(cs);
1107     CPUX86State *env = &cpu->env;
1108     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1109     AddressSpace *as = cpu_addressspace(cs, attrs);
1110 
1111     return address_space_ldl(as, addr, attrs, NULL);
1112 }
1113 
1114 uint64_t x86_ldq_phys(CPUState *cs, hwaddr addr)
1115 {
1116     X86CPU *cpu = X86_CPU(cs);
1117     CPUX86State *env = &cpu->env;
1118     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1119     AddressSpace *as = cpu_addressspace(cs, attrs);
1120 
1121     return address_space_ldq(as, addr, attrs, NULL);
1122 }
1123 
1124 void x86_stb_phys(CPUState *cs, hwaddr addr, uint8_t val)
1125 {
1126     X86CPU *cpu = X86_CPU(cs);
1127     CPUX86State *env = &cpu->env;
1128     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1129     AddressSpace *as = cpu_addressspace(cs, attrs);
1130 
1131     address_space_stb(as, addr, val, attrs, NULL);
1132 }
1133 
1134 void x86_stl_phys_notdirty(CPUState *cs, hwaddr addr, uint32_t val)
1135 {
1136     X86CPU *cpu = X86_CPU(cs);
1137     CPUX86State *env = &cpu->env;
1138     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1139     AddressSpace *as = cpu_addressspace(cs, attrs);
1140 
1141     address_space_stl_notdirty(as, addr, val, attrs, NULL);
1142 }
1143 
1144 void x86_stw_phys(CPUState *cs, hwaddr addr, uint32_t val)
1145 {
1146     X86CPU *cpu = X86_CPU(cs);
1147     CPUX86State *env = &cpu->env;
1148     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1149     AddressSpace *as = cpu_addressspace(cs, attrs);
1150 
1151     address_space_stw(as, addr, val, attrs, NULL);
1152 }
1153 
1154 void x86_stl_phys(CPUState *cs, hwaddr addr, uint32_t val)
1155 {
1156     X86CPU *cpu = X86_CPU(cs);
1157     CPUX86State *env = &cpu->env;
1158     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1159     AddressSpace *as = cpu_addressspace(cs, attrs);
1160 
1161     address_space_stl(as, addr, val, attrs, NULL);
1162 }
1163 
1164 void x86_stq_phys(CPUState *cs, hwaddr addr, uint64_t val)
1165 {
1166     X86CPU *cpu = X86_CPU(cs);
1167     CPUX86State *env = &cpu->env;
1168     MemTxAttrs attrs = cpu_get_mem_attrs(env);
1169     AddressSpace *as = cpu_addressspace(cs, attrs);
1170 
1171     address_space_stq(as, addr, val, attrs, NULL);
1172 }
1173 #endif
1174