1 /* 2 * i386 helpers (without register variable usage) 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "cpu.h" 22 #include "exec/exec-all.h" 23 #include "qemu/qemu-print.h" 24 #include "sysemu/kvm.h" 25 #include "kvm_i386.h" 26 #ifndef CONFIG_USER_ONLY 27 #include "sysemu/sysemu.h" 28 #include "sysemu/hw_accel.h" 29 #include "monitor/monitor.h" 30 #include "hw/i386/apic_internal.h" 31 #endif 32 33 void cpu_sync_bndcs_hflags(CPUX86State *env) 34 { 35 uint32_t hflags = env->hflags; 36 uint32_t hflags2 = env->hflags2; 37 uint32_t bndcsr; 38 39 if ((hflags & HF_CPL_MASK) == 3) { 40 bndcsr = env->bndcs_regs.cfgu; 41 } else { 42 bndcsr = env->msr_bndcfgs; 43 } 44 45 if ((env->cr[4] & CR4_OSXSAVE_MASK) 46 && (env->xcr0 & XSTATE_BNDCSR_MASK) 47 && (bndcsr & BNDCFG_ENABLE)) { 48 hflags |= HF_MPX_EN_MASK; 49 } else { 50 hflags &= ~HF_MPX_EN_MASK; 51 } 52 53 if (bndcsr & BNDCFG_BNDPRESERVE) { 54 hflags2 |= HF2_MPX_PR_MASK; 55 } else { 56 hflags2 &= ~HF2_MPX_PR_MASK; 57 } 58 59 env->hflags = hflags; 60 env->hflags2 = hflags2; 61 } 62 63 static void cpu_x86_version(CPUX86State *env, int *family, int *model) 64 { 65 int cpuver = env->cpuid_version; 66 67 if (family == NULL || model == NULL) { 68 return; 69 } 70 71 *family = (cpuver >> 8) & 0x0f; 72 *model = ((cpuver >> 12) & 0xf0) + ((cpuver >> 4) & 0x0f); 73 } 74 75 /* Broadcast MCA signal for processor version 06H_EH and above */ 76 int cpu_x86_support_mca_broadcast(CPUX86State *env) 77 { 78 int family = 0; 79 int model = 0; 80 81 cpu_x86_version(env, &family, &model); 82 if ((family == 6 && model >= 14) || family > 6) { 83 return 1; 84 } 85 86 return 0; 87 } 88 89 /***********************************************************/ 90 /* x86 debug */ 91 92 static const char *cc_op_str[CC_OP_NB] = { 93 "DYNAMIC", 94 "EFLAGS", 95 96 "MULB", 97 "MULW", 98 "MULL", 99 "MULQ", 100 101 "ADDB", 102 "ADDW", 103 "ADDL", 104 "ADDQ", 105 106 "ADCB", 107 "ADCW", 108 "ADCL", 109 "ADCQ", 110 111 "SUBB", 112 "SUBW", 113 "SUBL", 114 "SUBQ", 115 116 "SBBB", 117 "SBBW", 118 "SBBL", 119 "SBBQ", 120 121 "LOGICB", 122 "LOGICW", 123 "LOGICL", 124 "LOGICQ", 125 126 "INCB", 127 "INCW", 128 "INCL", 129 "INCQ", 130 131 "DECB", 132 "DECW", 133 "DECL", 134 "DECQ", 135 136 "SHLB", 137 "SHLW", 138 "SHLL", 139 "SHLQ", 140 141 "SARB", 142 "SARW", 143 "SARL", 144 "SARQ", 145 146 "BMILGB", 147 "BMILGW", 148 "BMILGL", 149 "BMILGQ", 150 151 "ADCX", 152 "ADOX", 153 "ADCOX", 154 155 "CLR", 156 }; 157 158 static void 159 cpu_x86_dump_seg_cache(CPUX86State *env, FILE *f, 160 const char *name, struct SegmentCache *sc) 161 { 162 #ifdef TARGET_X86_64 163 if (env->hflags & HF_CS64_MASK) { 164 qemu_fprintf(f, "%-3s=%04x %016" PRIx64 " %08x %08x", name, 165 sc->selector, sc->base, sc->limit, 166 sc->flags & 0x00ffff00); 167 } else 168 #endif 169 { 170 qemu_fprintf(f, "%-3s=%04x %08x %08x %08x", name, sc->selector, 171 (uint32_t)sc->base, sc->limit, 172 sc->flags & 0x00ffff00); 173 } 174 175 if (!(env->hflags & HF_PE_MASK) || !(sc->flags & DESC_P_MASK)) 176 goto done; 177 178 qemu_fprintf(f, " DPL=%d ", 179 (sc->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT); 180 if (sc->flags & DESC_S_MASK) { 181 if (sc->flags & DESC_CS_MASK) { 182 qemu_fprintf(f, (sc->flags & DESC_L_MASK) ? "CS64" : 183 ((sc->flags & DESC_B_MASK) ? "CS32" : "CS16")); 184 qemu_fprintf(f, " [%c%c", (sc->flags & DESC_C_MASK) ? 'C' : '-', 185 (sc->flags & DESC_R_MASK) ? 'R' : '-'); 186 } else { 187 qemu_fprintf(f, (sc->flags & DESC_B_MASK 188 || env->hflags & HF_LMA_MASK) 189 ? "DS " : "DS16"); 190 qemu_fprintf(f, " [%c%c", (sc->flags & DESC_E_MASK) ? 'E' : '-', 191 (sc->flags & DESC_W_MASK) ? 'W' : '-'); 192 } 193 qemu_fprintf(f, "%c]", (sc->flags & DESC_A_MASK) ? 'A' : '-'); 194 } else { 195 static const char *sys_type_name[2][16] = { 196 { /* 32 bit mode */ 197 "Reserved", "TSS16-avl", "LDT", "TSS16-busy", 198 "CallGate16", "TaskGate", "IntGate16", "TrapGate16", 199 "Reserved", "TSS32-avl", "Reserved", "TSS32-busy", 200 "CallGate32", "Reserved", "IntGate32", "TrapGate32" 201 }, 202 { /* 64 bit mode */ 203 "<hiword>", "Reserved", "LDT", "Reserved", "Reserved", 204 "Reserved", "Reserved", "Reserved", "Reserved", 205 "TSS64-avl", "Reserved", "TSS64-busy", "CallGate64", 206 "Reserved", "IntGate64", "TrapGate64" 207 } 208 }; 209 qemu_fprintf(f, "%s", 210 sys_type_name[(env->hflags & HF_LMA_MASK) ? 1 : 0] 211 [(sc->flags & DESC_TYPE_MASK) >> DESC_TYPE_SHIFT]); 212 } 213 done: 214 qemu_fprintf(f, "\n"); 215 } 216 217 #ifndef CONFIG_USER_ONLY 218 219 /* ARRAY_SIZE check is not required because 220 * DeliveryMode(dm) has a size of 3 bit. 221 */ 222 static inline const char *dm2str(uint32_t dm) 223 { 224 static const char *str[] = { 225 "Fixed", 226 "...", 227 "SMI", 228 "...", 229 "NMI", 230 "INIT", 231 "...", 232 "ExtINT" 233 }; 234 return str[dm]; 235 } 236 237 static void dump_apic_lvt(const char *name, uint32_t lvt, bool is_timer) 238 { 239 uint32_t dm = (lvt & APIC_LVT_DELIV_MOD) >> APIC_LVT_DELIV_MOD_SHIFT; 240 qemu_printf("%s\t 0x%08x %s %-5s %-6s %-7s %-12s %-6s", 241 name, lvt, 242 lvt & APIC_LVT_INT_POLARITY ? "active-lo" : "active-hi", 243 lvt & APIC_LVT_LEVEL_TRIGGER ? "level" : "edge", 244 lvt & APIC_LVT_MASKED ? "masked" : "", 245 lvt & APIC_LVT_DELIV_STS ? "pending" : "", 246 !is_timer ? 247 "" : lvt & APIC_LVT_TIMER_PERIODIC ? 248 "periodic" : lvt & APIC_LVT_TIMER_TSCDEADLINE ? 249 "tsc-deadline" : "one-shot", 250 dm2str(dm)); 251 if (dm != APIC_DM_NMI) { 252 qemu_printf(" (vec %u)\n", lvt & APIC_VECTOR_MASK); 253 } else { 254 qemu_printf("\n"); 255 } 256 } 257 258 /* ARRAY_SIZE check is not required because 259 * destination shorthand has a size of 2 bit. 260 */ 261 static inline const char *shorthand2str(uint32_t shorthand) 262 { 263 const char *str[] = { 264 "no-shorthand", "self", "all-self", "all" 265 }; 266 return str[shorthand]; 267 } 268 269 static inline uint8_t divider_conf(uint32_t divide_conf) 270 { 271 uint8_t divide_val = ((divide_conf & 0x8) >> 1) | (divide_conf & 0x3); 272 273 return divide_val == 7 ? 1 : 2 << divide_val; 274 } 275 276 static inline void mask2str(char *str, uint32_t val, uint8_t size) 277 { 278 while (size--) { 279 *str++ = (val >> size) & 1 ? '1' : '0'; 280 } 281 *str = 0; 282 } 283 284 #define MAX_LOGICAL_APIC_ID_MASK_SIZE 16 285 286 static void dump_apic_icr(APICCommonState *s, CPUX86State *env) 287 { 288 uint32_t icr = s->icr[0], icr2 = s->icr[1]; 289 uint8_t dest_shorthand = \ 290 (icr & APIC_ICR_DEST_SHORT) >> APIC_ICR_DEST_SHORT_SHIFT; 291 bool logical_mod = icr & APIC_ICR_DEST_MOD; 292 char apic_id_str[MAX_LOGICAL_APIC_ID_MASK_SIZE + 1]; 293 uint32_t dest_field; 294 bool x2apic; 295 296 qemu_printf("ICR\t 0x%08x %s %s %s %s\n", 297 icr, 298 logical_mod ? "logical" : "physical", 299 icr & APIC_ICR_TRIGGER_MOD ? "level" : "edge", 300 icr & APIC_ICR_LEVEL ? "assert" : "de-assert", 301 shorthand2str(dest_shorthand)); 302 303 qemu_printf("ICR2\t 0x%08x", icr2); 304 if (dest_shorthand != 0) { 305 qemu_printf("\n"); 306 return; 307 } 308 x2apic = env->features[FEAT_1_ECX] & CPUID_EXT_X2APIC; 309 dest_field = x2apic ? icr2 : icr2 >> APIC_ICR_DEST_SHIFT; 310 311 if (!logical_mod) { 312 if (x2apic) { 313 qemu_printf(" cpu %u (X2APIC ID)\n", dest_field); 314 } else { 315 qemu_printf(" cpu %u (APIC ID)\n", 316 dest_field & APIC_LOGDEST_XAPIC_ID); 317 } 318 return; 319 } 320 321 if (s->dest_mode == 0xf) { /* flat mode */ 322 mask2str(apic_id_str, icr2 >> APIC_ICR_DEST_SHIFT, 8); 323 qemu_printf(" mask %s (APIC ID)\n", apic_id_str); 324 } else if (s->dest_mode == 0) { /* cluster mode */ 325 if (x2apic) { 326 mask2str(apic_id_str, dest_field & APIC_LOGDEST_X2APIC_ID, 16); 327 qemu_printf(" cluster %u mask %s (X2APIC ID)\n", 328 dest_field >> APIC_LOGDEST_X2APIC_SHIFT, apic_id_str); 329 } else { 330 mask2str(apic_id_str, dest_field & APIC_LOGDEST_XAPIC_ID, 4); 331 qemu_printf(" cluster %u mask %s (APIC ID)\n", 332 dest_field >> APIC_LOGDEST_XAPIC_SHIFT, apic_id_str); 333 } 334 } 335 } 336 337 static void dump_apic_interrupt(const char *name, uint32_t *ireg_tab, 338 uint32_t *tmr_tab) 339 { 340 int i, empty = true; 341 342 qemu_printf("%s\t ", name); 343 for (i = 0; i < 256; i++) { 344 if (apic_get_bit(ireg_tab, i)) { 345 qemu_printf("%u%s ", i, 346 apic_get_bit(tmr_tab, i) ? "(level)" : ""); 347 empty = false; 348 } 349 } 350 qemu_printf("%s\n", empty ? "(none)" : ""); 351 } 352 353 void x86_cpu_dump_local_apic_state(CPUState *cs, int flags) 354 { 355 X86CPU *cpu = X86_CPU(cs); 356 APICCommonState *s = APIC_COMMON(cpu->apic_state); 357 if (!s) { 358 qemu_printf("local apic state not available\n"); 359 return; 360 } 361 uint32_t *lvt = s->lvt; 362 363 qemu_printf("dumping local APIC state for CPU %-2u\n\n", 364 CPU(cpu)->cpu_index); 365 dump_apic_lvt("LVT0", lvt[APIC_LVT_LINT0], false); 366 dump_apic_lvt("LVT1", lvt[APIC_LVT_LINT1], false); 367 dump_apic_lvt("LVTPC", lvt[APIC_LVT_PERFORM], false); 368 dump_apic_lvt("LVTERR", lvt[APIC_LVT_ERROR], false); 369 dump_apic_lvt("LVTTHMR", lvt[APIC_LVT_THERMAL], false); 370 dump_apic_lvt("LVTT", lvt[APIC_LVT_TIMER], true); 371 372 qemu_printf("Timer\t DCR=0x%x (divide by %u) initial_count = %u\n", 373 s->divide_conf & APIC_DCR_MASK, 374 divider_conf(s->divide_conf), 375 s->initial_count); 376 377 qemu_printf("SPIV\t 0x%08x APIC %s, focus=%s, spurious vec %u\n", 378 s->spurious_vec, 379 s->spurious_vec & APIC_SPURIO_ENABLED ? "enabled" : "disabled", 380 s->spurious_vec & APIC_SPURIO_FOCUS ? "on" : "off", 381 s->spurious_vec & APIC_VECTOR_MASK); 382 383 dump_apic_icr(s, &cpu->env); 384 385 qemu_printf("ESR\t 0x%08x\n", s->esr); 386 387 dump_apic_interrupt("ISR", s->isr, s->tmr); 388 dump_apic_interrupt("IRR", s->irr, s->tmr); 389 390 qemu_printf("\nAPR 0x%02x TPR 0x%02x DFR 0x%02x LDR 0x%02x", 391 s->arb_id, s->tpr, s->dest_mode, s->log_dest); 392 if (s->dest_mode == 0) { 393 qemu_printf("(cluster %u: id %u)", 394 s->log_dest >> APIC_LOGDEST_XAPIC_SHIFT, 395 s->log_dest & APIC_LOGDEST_XAPIC_ID); 396 } 397 qemu_printf(" PPR 0x%02x\n", apic_get_ppr(s)); 398 } 399 #else 400 void x86_cpu_dump_local_apic_state(CPUState *cs, int flags) 401 { 402 } 403 #endif /* !CONFIG_USER_ONLY */ 404 405 #define DUMP_CODE_BYTES_TOTAL 50 406 #define DUMP_CODE_BYTES_BACKWARD 20 407 408 void x86_cpu_dump_state(CPUState *cs, FILE *f, int flags) 409 { 410 X86CPU *cpu = X86_CPU(cs); 411 CPUX86State *env = &cpu->env; 412 int eflags, i, nb; 413 char cc_op_name[32]; 414 static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" }; 415 416 eflags = cpu_compute_eflags(env); 417 #ifdef TARGET_X86_64 418 if (env->hflags & HF_CS64_MASK) { 419 qemu_fprintf(f, "RAX=%016" PRIx64 " RBX=%016" PRIx64 " RCX=%016" PRIx64 " RDX=%016" PRIx64 "\n" 420 "RSI=%016" PRIx64 " RDI=%016" PRIx64 " RBP=%016" PRIx64 " RSP=%016" PRIx64 "\n" 421 "R8 =%016" PRIx64 " R9 =%016" PRIx64 " R10=%016" PRIx64 " R11=%016" PRIx64 "\n" 422 "R12=%016" PRIx64 " R13=%016" PRIx64 " R14=%016" PRIx64 " R15=%016" PRIx64 "\n" 423 "RIP=%016" PRIx64 " RFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n", 424 env->regs[R_EAX], 425 env->regs[R_EBX], 426 env->regs[R_ECX], 427 env->regs[R_EDX], 428 env->regs[R_ESI], 429 env->regs[R_EDI], 430 env->regs[R_EBP], 431 env->regs[R_ESP], 432 env->regs[8], 433 env->regs[9], 434 env->regs[10], 435 env->regs[11], 436 env->regs[12], 437 env->regs[13], 438 env->regs[14], 439 env->regs[15], 440 env->eip, eflags, 441 eflags & DF_MASK ? 'D' : '-', 442 eflags & CC_O ? 'O' : '-', 443 eflags & CC_S ? 'S' : '-', 444 eflags & CC_Z ? 'Z' : '-', 445 eflags & CC_A ? 'A' : '-', 446 eflags & CC_P ? 'P' : '-', 447 eflags & CC_C ? 'C' : '-', 448 env->hflags & HF_CPL_MASK, 449 (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1, 450 (env->a20_mask >> 20) & 1, 451 (env->hflags >> HF_SMM_SHIFT) & 1, 452 cs->halted); 453 } else 454 #endif 455 { 456 qemu_fprintf(f, "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n" 457 "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n" 458 "EIP=%08x EFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n", 459 (uint32_t)env->regs[R_EAX], 460 (uint32_t)env->regs[R_EBX], 461 (uint32_t)env->regs[R_ECX], 462 (uint32_t)env->regs[R_EDX], 463 (uint32_t)env->regs[R_ESI], 464 (uint32_t)env->regs[R_EDI], 465 (uint32_t)env->regs[R_EBP], 466 (uint32_t)env->regs[R_ESP], 467 (uint32_t)env->eip, eflags, 468 eflags & DF_MASK ? 'D' : '-', 469 eflags & CC_O ? 'O' : '-', 470 eflags & CC_S ? 'S' : '-', 471 eflags & CC_Z ? 'Z' : '-', 472 eflags & CC_A ? 'A' : '-', 473 eflags & CC_P ? 'P' : '-', 474 eflags & CC_C ? 'C' : '-', 475 env->hflags & HF_CPL_MASK, 476 (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1, 477 (env->a20_mask >> 20) & 1, 478 (env->hflags >> HF_SMM_SHIFT) & 1, 479 cs->halted); 480 } 481 482 for(i = 0; i < 6; i++) { 483 cpu_x86_dump_seg_cache(env, f, seg_name[i], &env->segs[i]); 484 } 485 cpu_x86_dump_seg_cache(env, f, "LDT", &env->ldt); 486 cpu_x86_dump_seg_cache(env, f, "TR", &env->tr); 487 488 #ifdef TARGET_X86_64 489 if (env->hflags & HF_LMA_MASK) { 490 qemu_fprintf(f, "GDT= %016" PRIx64 " %08x\n", 491 env->gdt.base, env->gdt.limit); 492 qemu_fprintf(f, "IDT= %016" PRIx64 " %08x\n", 493 env->idt.base, env->idt.limit); 494 qemu_fprintf(f, "CR0=%08x CR2=%016" PRIx64 " CR3=%016" PRIx64 " CR4=%08x\n", 495 (uint32_t)env->cr[0], 496 env->cr[2], 497 env->cr[3], 498 (uint32_t)env->cr[4]); 499 for(i = 0; i < 4; i++) 500 qemu_fprintf(f, "DR%d=%016" PRIx64 " ", i, env->dr[i]); 501 qemu_fprintf(f, "\nDR6=%016" PRIx64 " DR7=%016" PRIx64 "\n", 502 env->dr[6], env->dr[7]); 503 } else 504 #endif 505 { 506 qemu_fprintf(f, "GDT= %08x %08x\n", 507 (uint32_t)env->gdt.base, env->gdt.limit); 508 qemu_fprintf(f, "IDT= %08x %08x\n", 509 (uint32_t)env->idt.base, env->idt.limit); 510 qemu_fprintf(f, "CR0=%08x CR2=%08x CR3=%08x CR4=%08x\n", 511 (uint32_t)env->cr[0], 512 (uint32_t)env->cr[2], 513 (uint32_t)env->cr[3], 514 (uint32_t)env->cr[4]); 515 for(i = 0; i < 4; i++) { 516 qemu_fprintf(f, "DR%d=" TARGET_FMT_lx " ", i, env->dr[i]); 517 } 518 qemu_fprintf(f, "\nDR6=" TARGET_FMT_lx " DR7=" TARGET_FMT_lx "\n", 519 env->dr[6], env->dr[7]); 520 } 521 if (flags & CPU_DUMP_CCOP) { 522 if ((unsigned)env->cc_op < CC_OP_NB) 523 snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]); 524 else 525 snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op); 526 #ifdef TARGET_X86_64 527 if (env->hflags & HF_CS64_MASK) { 528 qemu_fprintf(f, "CCS=%016" PRIx64 " CCD=%016" PRIx64 " CCO=%-8s\n", 529 env->cc_src, env->cc_dst, 530 cc_op_name); 531 } else 532 #endif 533 { 534 qemu_fprintf(f, "CCS=%08x CCD=%08x CCO=%-8s\n", 535 (uint32_t)env->cc_src, (uint32_t)env->cc_dst, 536 cc_op_name); 537 } 538 } 539 qemu_fprintf(f, "EFER=%016" PRIx64 "\n", env->efer); 540 if (flags & CPU_DUMP_FPU) { 541 int fptag; 542 fptag = 0; 543 for(i = 0; i < 8; i++) { 544 fptag |= ((!env->fptags[i]) << i); 545 } 546 qemu_fprintf(f, "FCW=%04x FSW=%04x [ST=%d] FTW=%02x MXCSR=%08x\n", 547 env->fpuc, 548 (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11, 549 env->fpstt, 550 fptag, 551 env->mxcsr); 552 for(i=0;i<8;i++) { 553 CPU_LDoubleU u; 554 u.d = env->fpregs[i].d; 555 qemu_fprintf(f, "FPR%d=%016" PRIx64 " %04x", 556 i, u.l.lower, u.l.upper); 557 if ((i & 1) == 1) 558 qemu_fprintf(f, "\n"); 559 else 560 qemu_fprintf(f, " "); 561 } 562 if (env->hflags & HF_CS64_MASK) 563 nb = 16; 564 else 565 nb = 8; 566 for(i=0;i<nb;i++) { 567 qemu_fprintf(f, "XMM%02d=%08x%08x%08x%08x", 568 i, 569 env->xmm_regs[i].ZMM_L(3), 570 env->xmm_regs[i].ZMM_L(2), 571 env->xmm_regs[i].ZMM_L(1), 572 env->xmm_regs[i].ZMM_L(0)); 573 if ((i & 1) == 1) 574 qemu_fprintf(f, "\n"); 575 else 576 qemu_fprintf(f, " "); 577 } 578 } 579 if (flags & CPU_DUMP_CODE) { 580 target_ulong base = env->segs[R_CS].base + env->eip; 581 target_ulong offs = MIN(env->eip, DUMP_CODE_BYTES_BACKWARD); 582 uint8_t code; 583 char codestr[3]; 584 585 qemu_fprintf(f, "Code="); 586 for (i = 0; i < DUMP_CODE_BYTES_TOTAL; i++) { 587 if (cpu_memory_rw_debug(cs, base - offs + i, &code, 1, 0) == 0) { 588 snprintf(codestr, sizeof(codestr), "%02x", code); 589 } else { 590 snprintf(codestr, sizeof(codestr), "??"); 591 } 592 qemu_fprintf(f, "%s%s%s%s", i > 0 ? " " : "", 593 i == offs ? "<" : "", codestr, i == offs ? ">" : ""); 594 } 595 qemu_fprintf(f, "\n"); 596 } 597 } 598 599 /***********************************************************/ 600 /* x86 mmu */ 601 /* XXX: add PGE support */ 602 603 void x86_cpu_set_a20(X86CPU *cpu, int a20_state) 604 { 605 CPUX86State *env = &cpu->env; 606 607 a20_state = (a20_state != 0); 608 if (a20_state != ((env->a20_mask >> 20) & 1)) { 609 CPUState *cs = CPU(cpu); 610 611 qemu_log_mask(CPU_LOG_MMU, "A20 update: a20=%d\n", a20_state); 612 /* if the cpu is currently executing code, we must unlink it and 613 all the potentially executing TB */ 614 cpu_interrupt(cs, CPU_INTERRUPT_EXITTB); 615 616 /* when a20 is changed, all the MMU mappings are invalid, so 617 we must flush everything */ 618 tlb_flush(cs); 619 env->a20_mask = ~(1 << 20) | (a20_state << 20); 620 } 621 } 622 623 void cpu_x86_update_cr0(CPUX86State *env, uint32_t new_cr0) 624 { 625 X86CPU *cpu = x86_env_get_cpu(env); 626 int pe_state; 627 628 qemu_log_mask(CPU_LOG_MMU, "CR0 update: CR0=0x%08x\n", new_cr0); 629 if ((new_cr0 & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK)) != 630 (env->cr[0] & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK))) { 631 tlb_flush(CPU(cpu)); 632 } 633 634 #ifdef TARGET_X86_64 635 if (!(env->cr[0] & CR0_PG_MASK) && (new_cr0 & CR0_PG_MASK) && 636 (env->efer & MSR_EFER_LME)) { 637 /* enter in long mode */ 638 /* XXX: generate an exception */ 639 if (!(env->cr[4] & CR4_PAE_MASK)) 640 return; 641 env->efer |= MSR_EFER_LMA; 642 env->hflags |= HF_LMA_MASK; 643 } else if ((env->cr[0] & CR0_PG_MASK) && !(new_cr0 & CR0_PG_MASK) && 644 (env->efer & MSR_EFER_LMA)) { 645 /* exit long mode */ 646 env->efer &= ~MSR_EFER_LMA; 647 env->hflags &= ~(HF_LMA_MASK | HF_CS64_MASK); 648 env->eip &= 0xffffffff; 649 } 650 #endif 651 env->cr[0] = new_cr0 | CR0_ET_MASK; 652 653 /* update PE flag in hidden flags */ 654 pe_state = (env->cr[0] & CR0_PE_MASK); 655 env->hflags = (env->hflags & ~HF_PE_MASK) | (pe_state << HF_PE_SHIFT); 656 /* ensure that ADDSEG is always set in real mode */ 657 env->hflags |= ((pe_state ^ 1) << HF_ADDSEG_SHIFT); 658 /* update FPU flags */ 659 env->hflags = (env->hflags & ~(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK)) | 660 ((new_cr0 << (HF_MP_SHIFT - 1)) & (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK)); 661 } 662 663 /* XXX: in legacy PAE mode, generate a GPF if reserved bits are set in 664 the PDPT */ 665 void cpu_x86_update_cr3(CPUX86State *env, target_ulong new_cr3) 666 { 667 X86CPU *cpu = x86_env_get_cpu(env); 668 669 env->cr[3] = new_cr3; 670 if (env->cr[0] & CR0_PG_MASK) { 671 qemu_log_mask(CPU_LOG_MMU, 672 "CR3 update: CR3=" TARGET_FMT_lx "\n", new_cr3); 673 tlb_flush(CPU(cpu)); 674 } 675 } 676 677 void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4) 678 { 679 X86CPU *cpu = x86_env_get_cpu(env); 680 uint32_t hflags; 681 682 #if defined(DEBUG_MMU) 683 printf("CR4 update: %08x -> %08x\n", (uint32_t)env->cr[4], new_cr4); 684 #endif 685 if ((new_cr4 ^ env->cr[4]) & 686 (CR4_PGE_MASK | CR4_PAE_MASK | CR4_PSE_MASK | 687 CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_LA57_MASK)) { 688 tlb_flush(CPU(cpu)); 689 } 690 691 /* Clear bits we're going to recompute. */ 692 hflags = env->hflags & ~(HF_OSFXSR_MASK | HF_SMAP_MASK); 693 694 /* SSE handling */ 695 if (!(env->features[FEAT_1_EDX] & CPUID_SSE)) { 696 new_cr4 &= ~CR4_OSFXSR_MASK; 697 } 698 if (new_cr4 & CR4_OSFXSR_MASK) { 699 hflags |= HF_OSFXSR_MASK; 700 } 701 702 if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SMAP)) { 703 new_cr4 &= ~CR4_SMAP_MASK; 704 } 705 if (new_cr4 & CR4_SMAP_MASK) { 706 hflags |= HF_SMAP_MASK; 707 } 708 709 if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKU)) { 710 new_cr4 &= ~CR4_PKE_MASK; 711 } 712 713 env->cr[4] = new_cr4; 714 env->hflags = hflags; 715 716 cpu_sync_bndcs_hflags(env); 717 } 718 719 #if !defined(CONFIG_USER_ONLY) 720 hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) 721 { 722 X86CPU *cpu = X86_CPU(cs); 723 CPUX86State *env = &cpu->env; 724 target_ulong pde_addr, pte_addr; 725 uint64_t pte; 726 int32_t a20_mask; 727 uint32_t page_offset; 728 int page_size; 729 730 a20_mask = x86_get_a20_mask(env); 731 if (!(env->cr[0] & CR0_PG_MASK)) { 732 pte = addr & a20_mask; 733 page_size = 4096; 734 } else if (env->cr[4] & CR4_PAE_MASK) { 735 target_ulong pdpe_addr; 736 uint64_t pde, pdpe; 737 738 #ifdef TARGET_X86_64 739 if (env->hflags & HF_LMA_MASK) { 740 bool la57 = env->cr[4] & CR4_LA57_MASK; 741 uint64_t pml5e_addr, pml5e; 742 uint64_t pml4e_addr, pml4e; 743 int32_t sext; 744 745 /* test virtual address sign extension */ 746 sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47; 747 if (sext != 0 && sext != -1) { 748 return -1; 749 } 750 751 if (la57) { 752 pml5e_addr = ((env->cr[3] & ~0xfff) + 753 (((addr >> 48) & 0x1ff) << 3)) & a20_mask; 754 pml5e = x86_ldq_phys(cs, pml5e_addr); 755 if (!(pml5e & PG_PRESENT_MASK)) { 756 return -1; 757 } 758 } else { 759 pml5e = env->cr[3]; 760 } 761 762 pml4e_addr = ((pml5e & PG_ADDRESS_MASK) + 763 (((addr >> 39) & 0x1ff) << 3)) & a20_mask; 764 pml4e = x86_ldq_phys(cs, pml4e_addr); 765 if (!(pml4e & PG_PRESENT_MASK)) { 766 return -1; 767 } 768 pdpe_addr = ((pml4e & PG_ADDRESS_MASK) + 769 (((addr >> 30) & 0x1ff) << 3)) & a20_mask; 770 pdpe = x86_ldq_phys(cs, pdpe_addr); 771 if (!(pdpe & PG_PRESENT_MASK)) { 772 return -1; 773 } 774 if (pdpe & PG_PSE_MASK) { 775 page_size = 1024 * 1024 * 1024; 776 pte = pdpe; 777 goto out; 778 } 779 780 } else 781 #endif 782 { 783 pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) & 784 a20_mask; 785 pdpe = x86_ldq_phys(cs, pdpe_addr); 786 if (!(pdpe & PG_PRESENT_MASK)) 787 return -1; 788 } 789 790 pde_addr = ((pdpe & PG_ADDRESS_MASK) + 791 (((addr >> 21) & 0x1ff) << 3)) & a20_mask; 792 pde = x86_ldq_phys(cs, pde_addr); 793 if (!(pde & PG_PRESENT_MASK)) { 794 return -1; 795 } 796 if (pde & PG_PSE_MASK) { 797 /* 2 MB page */ 798 page_size = 2048 * 1024; 799 pte = pde; 800 } else { 801 /* 4 KB page */ 802 pte_addr = ((pde & PG_ADDRESS_MASK) + 803 (((addr >> 12) & 0x1ff) << 3)) & a20_mask; 804 page_size = 4096; 805 pte = x86_ldq_phys(cs, pte_addr); 806 } 807 if (!(pte & PG_PRESENT_MASK)) { 808 return -1; 809 } 810 } else { 811 uint32_t pde; 812 813 /* page directory entry */ 814 pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask; 815 pde = x86_ldl_phys(cs, pde_addr); 816 if (!(pde & PG_PRESENT_MASK)) 817 return -1; 818 if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) { 819 pte = pde | ((pde & 0x1fe000LL) << (32 - 13)); 820 page_size = 4096 * 1024; 821 } else { 822 /* page directory entry */ 823 pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & a20_mask; 824 pte = x86_ldl_phys(cs, pte_addr); 825 if (!(pte & PG_PRESENT_MASK)) { 826 return -1; 827 } 828 page_size = 4096; 829 } 830 pte = pte & a20_mask; 831 } 832 833 #ifdef TARGET_X86_64 834 out: 835 #endif 836 pte &= PG_ADDRESS_MASK & ~(page_size - 1); 837 page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1); 838 return pte | page_offset; 839 } 840 841 typedef struct MCEInjectionParams { 842 Monitor *mon; 843 int bank; 844 uint64_t status; 845 uint64_t mcg_status; 846 uint64_t addr; 847 uint64_t misc; 848 int flags; 849 } MCEInjectionParams; 850 851 static void do_inject_x86_mce(CPUState *cs, run_on_cpu_data data) 852 { 853 MCEInjectionParams *params = data.host_ptr; 854 X86CPU *cpu = X86_CPU(cs); 855 CPUX86State *cenv = &cpu->env; 856 uint64_t *banks = cenv->mce_banks + 4 * params->bank; 857 858 cpu_synchronize_state(cs); 859 860 /* 861 * If there is an MCE exception being processed, ignore this SRAO MCE 862 * unless unconditional injection was requested. 863 */ 864 if (!(params->flags & MCE_INJECT_UNCOND_AO) 865 && !(params->status & MCI_STATUS_AR) 866 && (cenv->mcg_status & MCG_STATUS_MCIP)) { 867 return; 868 } 869 870 if (params->status & MCI_STATUS_UC) { 871 /* 872 * if MSR_MCG_CTL is not all 1s, the uncorrected error 873 * reporting is disabled 874 */ 875 if ((cenv->mcg_cap & MCG_CTL_P) && cenv->mcg_ctl != ~(uint64_t)0) { 876 monitor_printf(params->mon, 877 "CPU %d: Uncorrected error reporting disabled\n", 878 cs->cpu_index); 879 return; 880 } 881 882 /* 883 * if MSR_MCi_CTL is not all 1s, the uncorrected error 884 * reporting is disabled for the bank 885 */ 886 if (banks[0] != ~(uint64_t)0) { 887 monitor_printf(params->mon, 888 "CPU %d: Uncorrected error reporting disabled for" 889 " bank %d\n", 890 cs->cpu_index, params->bank); 891 return; 892 } 893 894 if ((cenv->mcg_status & MCG_STATUS_MCIP) || 895 !(cenv->cr[4] & CR4_MCE_MASK)) { 896 monitor_printf(params->mon, 897 "CPU %d: Previous MCE still in progress, raising" 898 " triple fault\n", 899 cs->cpu_index); 900 qemu_log_mask(CPU_LOG_RESET, "Triple fault\n"); 901 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET); 902 return; 903 } 904 if (banks[1] & MCI_STATUS_VAL) { 905 params->status |= MCI_STATUS_OVER; 906 } 907 banks[2] = params->addr; 908 banks[3] = params->misc; 909 cenv->mcg_status = params->mcg_status; 910 banks[1] = params->status; 911 cpu_interrupt(cs, CPU_INTERRUPT_MCE); 912 } else if (!(banks[1] & MCI_STATUS_VAL) 913 || !(banks[1] & MCI_STATUS_UC)) { 914 if (banks[1] & MCI_STATUS_VAL) { 915 params->status |= MCI_STATUS_OVER; 916 } 917 banks[2] = params->addr; 918 banks[3] = params->misc; 919 banks[1] = params->status; 920 } else { 921 banks[1] |= MCI_STATUS_OVER; 922 } 923 } 924 925 void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank, 926 uint64_t status, uint64_t mcg_status, uint64_t addr, 927 uint64_t misc, int flags) 928 { 929 CPUState *cs = CPU(cpu); 930 CPUX86State *cenv = &cpu->env; 931 MCEInjectionParams params = { 932 .mon = mon, 933 .bank = bank, 934 .status = status, 935 .mcg_status = mcg_status, 936 .addr = addr, 937 .misc = misc, 938 .flags = flags, 939 }; 940 unsigned bank_num = cenv->mcg_cap & 0xff; 941 942 if (!cenv->mcg_cap) { 943 monitor_printf(mon, "MCE injection not supported\n"); 944 return; 945 } 946 if (bank >= bank_num) { 947 monitor_printf(mon, "Invalid MCE bank number\n"); 948 return; 949 } 950 if (!(status & MCI_STATUS_VAL)) { 951 monitor_printf(mon, "Invalid MCE status code\n"); 952 return; 953 } 954 if ((flags & MCE_INJECT_BROADCAST) 955 && !cpu_x86_support_mca_broadcast(cenv)) { 956 monitor_printf(mon, "Guest CPU does not support MCA broadcast\n"); 957 return; 958 } 959 960 run_on_cpu(cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(¶ms)); 961 if (flags & MCE_INJECT_BROADCAST) { 962 CPUState *other_cs; 963 964 params.bank = 1; 965 params.status = MCI_STATUS_VAL | MCI_STATUS_UC; 966 params.mcg_status = MCG_STATUS_MCIP | MCG_STATUS_RIPV; 967 params.addr = 0; 968 params.misc = 0; 969 CPU_FOREACH(other_cs) { 970 if (other_cs == cs) { 971 continue; 972 } 973 run_on_cpu(other_cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(¶ms)); 974 } 975 } 976 } 977 978 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access) 979 { 980 X86CPU *cpu = x86_env_get_cpu(env); 981 CPUState *cs = CPU(cpu); 982 983 if (kvm_enabled() || whpx_enabled()) { 984 env->tpr_access_type = access; 985 986 cpu_interrupt(cs, CPU_INTERRUPT_TPR); 987 } else if (tcg_enabled()) { 988 cpu_restore_state(cs, cs->mem_io_pc, false); 989 990 apic_handle_tpr_access_report(cpu->apic_state, env->eip, access); 991 } 992 } 993 #endif /* !CONFIG_USER_ONLY */ 994 995 int cpu_x86_get_descr_debug(CPUX86State *env, unsigned int selector, 996 target_ulong *base, unsigned int *limit, 997 unsigned int *flags) 998 { 999 X86CPU *cpu = x86_env_get_cpu(env); 1000 CPUState *cs = CPU(cpu); 1001 SegmentCache *dt; 1002 target_ulong ptr; 1003 uint32_t e1, e2; 1004 int index; 1005 1006 if (selector & 0x4) 1007 dt = &env->ldt; 1008 else 1009 dt = &env->gdt; 1010 index = selector & ~7; 1011 ptr = dt->base + index; 1012 if ((index + 7) > dt->limit 1013 || cpu_memory_rw_debug(cs, ptr, (uint8_t *)&e1, sizeof(e1), 0) != 0 1014 || cpu_memory_rw_debug(cs, ptr+4, (uint8_t *)&e2, sizeof(e2), 0) != 0) 1015 return 0; 1016 1017 *base = ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000)); 1018 *limit = (e1 & 0xffff) | (e2 & 0x000f0000); 1019 if (e2 & DESC_G_MASK) 1020 *limit = (*limit << 12) | 0xfff; 1021 *flags = e2; 1022 1023 return 1; 1024 } 1025 1026 #if !defined(CONFIG_USER_ONLY) 1027 void do_cpu_init(X86CPU *cpu) 1028 { 1029 CPUState *cs = CPU(cpu); 1030 CPUX86State *env = &cpu->env; 1031 CPUX86State *save = g_new(CPUX86State, 1); 1032 int sipi = cs->interrupt_request & CPU_INTERRUPT_SIPI; 1033 1034 *save = *env; 1035 1036 cpu_reset(cs); 1037 cs->interrupt_request = sipi; 1038 memcpy(&env->start_init_save, &save->start_init_save, 1039 offsetof(CPUX86State, end_init_save) - 1040 offsetof(CPUX86State, start_init_save)); 1041 g_free(save); 1042 1043 if (kvm_enabled()) { 1044 kvm_arch_do_init_vcpu(cpu); 1045 } 1046 apic_init_reset(cpu->apic_state); 1047 } 1048 1049 void do_cpu_sipi(X86CPU *cpu) 1050 { 1051 apic_sipi(cpu->apic_state); 1052 } 1053 #else 1054 void do_cpu_init(X86CPU *cpu) 1055 { 1056 } 1057 void do_cpu_sipi(X86CPU *cpu) 1058 { 1059 } 1060 #endif 1061 1062 /* Frob eflags into and out of the CPU temporary format. */ 1063 1064 void x86_cpu_exec_enter(CPUState *cs) 1065 { 1066 X86CPU *cpu = X86_CPU(cs); 1067 CPUX86State *env = &cpu->env; 1068 1069 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C); 1070 env->df = 1 - (2 * ((env->eflags >> 10) & 1)); 1071 CC_OP = CC_OP_EFLAGS; 1072 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C); 1073 } 1074 1075 void x86_cpu_exec_exit(CPUState *cs) 1076 { 1077 X86CPU *cpu = X86_CPU(cs); 1078 CPUX86State *env = &cpu->env; 1079 1080 env->eflags = cpu_compute_eflags(env); 1081 } 1082 1083 #ifndef CONFIG_USER_ONLY 1084 uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr) 1085 { 1086 X86CPU *cpu = X86_CPU(cs); 1087 CPUX86State *env = &cpu->env; 1088 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1089 AddressSpace *as = cpu_addressspace(cs, attrs); 1090 1091 return address_space_ldub(as, addr, attrs, NULL); 1092 } 1093 1094 uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr) 1095 { 1096 X86CPU *cpu = X86_CPU(cs); 1097 CPUX86State *env = &cpu->env; 1098 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1099 AddressSpace *as = cpu_addressspace(cs, attrs); 1100 1101 return address_space_lduw(as, addr, attrs, NULL); 1102 } 1103 1104 uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr) 1105 { 1106 X86CPU *cpu = X86_CPU(cs); 1107 CPUX86State *env = &cpu->env; 1108 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1109 AddressSpace *as = cpu_addressspace(cs, attrs); 1110 1111 return address_space_ldl(as, addr, attrs, NULL); 1112 } 1113 1114 uint64_t x86_ldq_phys(CPUState *cs, hwaddr addr) 1115 { 1116 X86CPU *cpu = X86_CPU(cs); 1117 CPUX86State *env = &cpu->env; 1118 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1119 AddressSpace *as = cpu_addressspace(cs, attrs); 1120 1121 return address_space_ldq(as, addr, attrs, NULL); 1122 } 1123 1124 void x86_stb_phys(CPUState *cs, hwaddr addr, uint8_t val) 1125 { 1126 X86CPU *cpu = X86_CPU(cs); 1127 CPUX86State *env = &cpu->env; 1128 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1129 AddressSpace *as = cpu_addressspace(cs, attrs); 1130 1131 address_space_stb(as, addr, val, attrs, NULL); 1132 } 1133 1134 void x86_stl_phys_notdirty(CPUState *cs, hwaddr addr, uint32_t val) 1135 { 1136 X86CPU *cpu = X86_CPU(cs); 1137 CPUX86State *env = &cpu->env; 1138 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1139 AddressSpace *as = cpu_addressspace(cs, attrs); 1140 1141 address_space_stl_notdirty(as, addr, val, attrs, NULL); 1142 } 1143 1144 void x86_stw_phys(CPUState *cs, hwaddr addr, uint32_t val) 1145 { 1146 X86CPU *cpu = X86_CPU(cs); 1147 CPUX86State *env = &cpu->env; 1148 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1149 AddressSpace *as = cpu_addressspace(cs, attrs); 1150 1151 address_space_stw(as, addr, val, attrs, NULL); 1152 } 1153 1154 void x86_stl_phys(CPUState *cs, hwaddr addr, uint32_t val) 1155 { 1156 X86CPU *cpu = X86_CPU(cs); 1157 CPUX86State *env = &cpu->env; 1158 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1159 AddressSpace *as = cpu_addressspace(cs, attrs); 1160 1161 address_space_stl(as, addr, val, attrs, NULL); 1162 } 1163 1164 void x86_stq_phys(CPUState *cs, hwaddr addr, uint64_t val) 1165 { 1166 X86CPU *cpu = X86_CPU(cs); 1167 CPUX86State *env = &cpu->env; 1168 MemTxAttrs attrs = cpu_get_mem_attrs(env); 1169 AddressSpace *as = cpu_addressspace(cs, attrs); 1170 1171 address_space_stq(as, addr, val, attrs, NULL); 1172 } 1173 #endif 1174