1 /*
2  *  x86 misc helpers - sysemu code
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "cpu.h"
23 #include "exec/helper-proto.h"
24 #include "exec/cpu_ldst.h"
25 #include "exec/address-spaces.h"
26 #include "exec/exec-all.h"
27 #include "tcg/helper-tcg.h"
28 #include "hw/i386/apic.h"
29 
/*
 * OUT (byte form): store the low byte of @data to legacy I/O port @port.
 *
 * Only the byte store is performed here; the translator is assumed to have
 * already narrowed @port to 16 bits and performed the IOPL / I/O-permission
 * bitmap checks before this helper runs — nothing is re-checked here.
 * The transaction result is discarded (NULL result pointer).
 */
void helper_outb(CPUX86State *env, uint32_t port, uint32_t data)
{
    address_space_stb(&address_space_io, port, data, cpu_get_mem_attrs(env),
                      NULL);
}
35 
/*
 * IN (byte form): load one byte from legacy I/O port @port.
 *
 * Returns the byte zero-extended to target_ulong.  I/O privilege checks are
 * assumed to have happened in the translator; the transaction result is
 * discarded (NULL result pointer), so a failed access reads as whatever the
 * address-space layer returns.
 */
target_ulong helper_inb(CPUX86State *env, uint32_t port)
{
    uint32_t byte = address_space_ldub(&address_space_io, port,
                                       cpu_get_mem_attrs(env), NULL);
    return byte;
}
41 
/*
 * OUT (word form): store the low 16 bits of @data to legacy I/O port @port.
 *
 * See helper_outb for the assumptions about port width and privilege
 * checks; the transaction result is discarded.
 */
void helper_outw(CPUX86State *env, uint32_t port, uint32_t data)
{
    address_space_stw(&address_space_io, port, data, cpu_get_mem_attrs(env),
                      NULL);
}
47 
/*
 * IN (word form): load 16 bits from legacy I/O port @port, zero-extended.
 *
 * See helper_inb for the assumptions about privilege checks and the
 * discarded transaction result.
 */
target_ulong helper_inw(CPUX86State *env, uint32_t port)
{
    uint32_t word = address_space_lduw(&address_space_io, port,
                                       cpu_get_mem_attrs(env), NULL);
    return word;
}
53 
/*
 * OUT (dword form): store all 32 bits of @data to legacy I/O port @port.
 *
 * See helper_outb for the assumptions about port width and privilege
 * checks; the transaction result is discarded.
 */
void helper_outl(CPUX86State *env, uint32_t port, uint32_t data)
{
    address_space_stl(&address_space_io, port, data, cpu_get_mem_attrs(env),
                      NULL);
}
59 
/*
 * IN (dword form): load 32 bits from legacy I/O port @port, zero-extended.
 *
 * See helper_inb for the assumptions about privilege checks and the
 * discarded transaction result.
 */
target_ulong helper_inl(CPUX86State *env, uint32_t port)
{
    uint32_t dword = address_space_ldl(&address_space_io, port,
                                       cpu_get_mem_attrs(env), NULL);
    return dword;
}
65 
/*
 * MOV from CRn: return the value of control register @reg.
 *
 * @reg is selected by the decoder (this helper does not validate it); every
 * register except CR8 is read straight from env->cr[].  CR8 is the task
 * priority: while V_INTR_MASKING is in effect (HF2_VINTR_MASK) it is the
 * virtual TPR kept in int_ctl, otherwise it is the local APIC's TPR.
 */
target_ulong helper_read_crN(CPUX86State *env, int reg)
{
    if (reg != 8) {
        return env->cr[reg];
    }

    if (env->hflags2 & HF2_VINTR_MASK) {
        return env->int_ctl & V_TPR_MASK;
    }
    return cpu_get_apic_tpr(env_archcpu(env)->apic_state);
}
84 
/*
 * MOV to CRn: write @t0 into control register @reg.
 *
 * CR0, CR3, CR4 and CR8 get architectural validation and go through the
 * dedicated update routines (which recompute hflags / flush the TLB as
 * needed); anything else is stored verbatim.  All checks run before any
 * state is modified, so a #VMEXIT or #GP leaves the register untouched.
 *
 * NOTE(review): the CR3/CR4 reserved-bit failures are reported via
 * cpu_vmexit(SVM_EXIT_ERR) without checking that a nested guest is running;
 * confirm that path raises #GP(0) in the non-SVM case rather than acting
 * on an unset VMCB.
 */
void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
{
    CPUState *cs = env_cpu(env);

    switch (reg) {
    case 0:
        /*
         * Reaching here means the plain CR0 write intercept is off, but the
         * hypervisor may still have asked for the selective intercept,
         * which fires on any bit change other than TS and MP.
         */
        if (cpu_svm_has_intercept(env, SVM_EXIT_CR0_SEL_WRITE) &&
            ((env->cr[0] ^ t0) & ~(CR0_TS_MASK | CR0_MP_MASK))) {
            cpu_vmexit(env, SVM_EXIT_CR0_SEL_WRITE, 0, GETPC());
        }
        cpu_x86_update_cr0(env, t0);
        break;

    case 3:
        if (env->efer & MSR_EFER_LMA) {
            /* Long mode: bits above the physical address width are reserved. */
            if (t0 & ((~0ULL) << env_archcpu(env)->phys_bits)) {
                cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
            }
        } else {
            /* Legacy/compatibility mode: CR3 is only 32 bits wide. */
            t0 &= 0xffffffffUL;
        }
        cpu_x86_update_cr3(env, t0);
        break;

    case 4:
        if (t0 & cr4_reserved_bits(env)) {
            cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
        }
        /* LA57 may not be toggled while executing 64-bit code. */
        if ((env->hflags & HF_CS64_MASK) &&
            ((t0 ^ env->cr[4]) & CR4_LA57_MASK)) {
            raise_exception_ra(env, EXCP0D_GPF, GETPC());
        }
        cpu_x86_update_cr4(env, t0);
        break;

    case 8:
        /* Without V_INTR_MASKING the write reaches the real APIC (BQL). */
        if (!(env->hflags2 & HF2_VINTR_MASK)) {
            bql_lock();
            cpu_set_apic_tpr(env_archcpu(env)->apic_state, t0);
            bql_unlock();
        }
        /* The virtual TPR in int_ctl always tracks the write. */
        env->int_ctl = (env->int_ctl & ~V_TPR_MASK) | (t0 & V_TPR_MASK);

        /* A changed TPR may unmask (or mask) the pending virtual interrupt. */
        if (ctl_has_irq(env)) {
            cpu_interrupt(cs, CPU_INTERRUPT_VIRQ);
        } else {
            cpu_reset_interrupt(cs, CPU_INTERRUPT_VIRQ);
        }
        break;

    default:
        env->cr[reg] = t0;
        break;
    }
}
140 
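/*
 * WRMSR: write EDX:EAX to the MSR selected by ECX.
 *
 * The SVM MSR intercept (exit_info_1 = 1, "write") is checked before any
 * state is touched, so an intercepting hypervisor sees the pre-write state.
 * Writes that fail validation jump to the error label and raise #GP(0).
 * MSRs that are not modelled fall through to the default case and are
 * silently accepted; architecturally most of them would raise #GP(0)
 * (see the XXX there).
 *
 * Changes from the previous version: the duplicated FFXSR check in the
 * MSR_EFER case is folded into one; the MCE bank range is computed as
 * 4 * MCG_CAP[7:0] (the intended grouping) and the resulting index is
 * clamped to the size of env->mce_banks.
 */
void helper_wrmsr(CPUX86State *env)
{
    CPUState *cs = env_cpu(env);
    uint32_t msr = (uint32_t)env->regs[R_ECX];
    uint64_t val;

    cpu_svm_check_intercept_param(env, SVM_EXIT_MSR, 1, GETPC());

    /* Only the low 32 bits of EAX and EDX are architecturally significant. */
    val = ((uint32_t)env->regs[R_EAX]) |
        ((uint64_t)((uint32_t)env->regs[R_EDX]) << 32);

    switch (msr) {
    case MSR_IA32_SYSENTER_CS:
        env->sysenter_cs = val & 0xffff;
        break;
    case MSR_IA32_SYSENTER_ESP:
        env->sysenter_esp = val;
        break;
    case MSR_IA32_SYSENTER_EIP:
        env->sysenter_eip = val;
        break;
    case MSR_IA32_APICBASE: {
        int ret;

        if (val & MSR_IA32_APICBASE_RESERVED) {
            goto error;
        }
        /* The APIC model performs the remaining validation. */
        ret = cpu_set_apic_base(env_archcpu(env)->apic_state, val);
        if (ret < 0) {
            goto error;
        }
        break;
    }
    case MSR_EFER: {
        /*
         * Only bits backed by an advertised CPUID feature are writable;
         * every other bit keeps its current value.  The architectural
         * #GP conditions (reserved bits set, LME toggled while CR0.PG=1)
         * are not modelled here.
         */
        uint64_t update_mask = 0;
        uint64_t ext2 = env->features[FEAT_8000_0001_EDX];

        if (ext2 & CPUID_EXT2_SYSCALL) {
            update_mask |= MSR_EFER_SCE;
        }
        if (ext2 & CPUID_EXT2_LM) {
            update_mask |= MSR_EFER_LME;
        }
        if (ext2 & CPUID_EXT2_FFXSR) {
            update_mask |= MSR_EFER_FFXSR;
        }
        if (ext2 & CPUID_EXT2_NX) {
            update_mask |= MSR_EFER_NXE;
        }
        if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
            update_mask |= MSR_EFER_SVME;
        }
        cpu_load_efer(env, (env->efer & ~update_mask) | (val & update_mask));
        break;
    }
    case MSR_STAR:
        env->star = val;
        break;
    case MSR_PAT:
        env->pat = val;
        break;
    case MSR_IA32_PKRS:
        /* Bits 63:32 are reserved; protection keys are cached in the TLB. */
        if (val & 0xFFFFFFFF00000000ull) {
            goto error;
        }
        env->pkrs = val;
        tlb_flush(cs);
        break;
    case MSR_VM_HSAVE_PA:
        /* Host save area: 4K aligned and within the physical address width. */
        if (val & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
            goto error;
        }
        env->vm_hsave = val;
        break;
#ifdef TARGET_X86_64
    case MSR_LSTAR:
        env->lstar = val;
        break;
    case MSR_CSTAR:
        env->cstar = val;
        break;
    case MSR_FMASK:
        env->fmask = val;
        break;
    case MSR_FSBASE:
        env->segs[R_FS].base = val;
        break;
    case MSR_GSBASE:
        env->segs[R_GS].base = val;
        break;
    case MSR_KERNELGSBASE:
        env->kernelgsbase = val;
        break;
#endif
    case MSR_MTRRphysBase(0):
    case MSR_MTRRphysBase(1):
    case MSR_MTRRphysBase(2):
    case MSR_MTRRphysBase(3):
    case MSR_MTRRphysBase(4):
    case MSR_MTRRphysBase(5):
    case MSR_MTRRphysBase(6):
    case MSR_MTRRphysBase(7):
        /* Variable range n: base MSR at 2n, mask MSR at 2n+1. */
        env->mtrr_var[(msr - MSR_MTRRphysBase(0)) / 2].base = val;
        break;
    case MSR_MTRRphysMask(0):
    case MSR_MTRRphysMask(1):
    case MSR_MTRRphysMask(2):
    case MSR_MTRRphysMask(3):
    case MSR_MTRRphysMask(4):
    case MSR_MTRRphysMask(5):
    case MSR_MTRRphysMask(6):
    case MSR_MTRRphysMask(7):
        env->mtrr_var[(msr - MSR_MTRRphysMask(0)) / 2].mask = val;
        break;
    case MSR_MTRRfix64K_00000:
        /* Fixed ranges: 64K at index 0, 16K at 1..2, 4K at 3..10. */
        env->mtrr_fixed[msr - MSR_MTRRfix64K_00000] = val;
        break;
    case MSR_MTRRfix16K_80000:
    case MSR_MTRRfix16K_A0000:
        env->mtrr_fixed[msr - MSR_MTRRfix16K_80000 + 1] = val;
        break;
    case MSR_MTRRfix4K_C0000:
    case MSR_MTRRfix4K_C8000:
    case MSR_MTRRfix4K_D0000:
    case MSR_MTRRfix4K_D8000:
    case MSR_MTRRfix4K_E0000:
    case MSR_MTRRfix4K_E8000:
    case MSR_MTRRfix4K_F0000:
    case MSR_MTRRfix4K_F8000:
        env->mtrr_fixed[msr - MSR_MTRRfix4K_C0000 + 3] = val;
        break;
    case MSR_MTRRdefType:
        env->mtrr_deftype = val;
        break;
    case MSR_MCG_STATUS:
        env->mcg_status = val;
        break;
    case MSR_MCG_CTL:
        /* Only present with MCG_CTL_P; only all-ones / all-zeros are kept. */
        if ((env->mcg_cap & MCG_CTL_P)
            && (val == 0 || val == ~(uint64_t)0)) {
            env->mcg_ctl = val;
        }
        break;
    case MSR_TSC_AUX:
        env->tsc_aux = val;
        break;
    case MSR_IA32_MISC_ENABLE:
        env->msr_ia32_misc_enable = val;
        break;
    case MSR_IA32_BNDCFGS:
        /* FIXME: #GP if reserved bits are set.  */
        /* FIXME: Extend highest implemented bit of linear address.  */
        env->msr_bndcfgs = val;
        cpu_sync_bndcs_hflags(env);
        break;
    case MSR_APIC_START ... MSR_APIC_END: {
        /* x2APIC MSR window; the APIC model validates and needs the BQL. */
        int index = msr - MSR_APIC_START;
        int ret;

        bql_lock();
        ret = apic_msr_write(index, val);
        bql_unlock();
        if (ret < 0) {
            goto error;
        }
        break;
    }
    default:
        /*
         * Machine-check banks: MCG_CAP[7:0] is the bank count and each bank
         * owns four consecutive MSRs (CTL, STATUS, ADDR, MISC).  The bank
         * count comes from the CPU model rather than the guest, but the
         * ARRAY_SIZE clamp keeps a mis-sized mcg_cap from indexing past
         * env->mce_banks; an out-of-range bank is treated as non-existent.
         */
        if (msr >= MSR_MC0_CTL
            && msr < MSR_MC0_CTL + 4 * (env->mcg_cap & 0xff)) {
            uint32_t offset = msr - MSR_MC0_CTL;

            if (offset >= ARRAY_SIZE(env->mce_banks)) {
                goto error;
            }
            /* MCi_CTL accepts only all-ones or all-zeros; others are dropped. */
            if ((offset & 0x3) != 0
                || (val == 0 || val == ~(uint64_t)0)) {
                env->mce_banks[offset] = val;
            }
            break;
        }
        /* XXX: exception? Unmodelled MSRs are silently accepted. */
        break;
    }
    return;
error:
    raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
}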
337 
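/*
 * RDMSR: read the MSR selected by ECX into EDX:EAX.
 *
 * The SVM MSR intercept (exit_info_1 = 0, "read") is checked first.
 * Unknown MSRs read as 0 instead of raising #GP(0) (see the XXX cases);
 * a failed x2APIC MSR read and a machine-check bank outside env->mce_banks
 * raise #GP(0).
 *
 * Changes from the previous version: MSR_TSC_AUX is readable on every
 * build, matching helper_wrmsr, which already accepts writes to it outside
 * TARGET_X86_64 (previously a 32-bit guest could write it but read back 0);
 * the MCE bank range is computed as 4 * MCG_CAP[7:0] and the index is
 * clamped to the size of env->mce_banks, as in helper_wrmsr.
 */
void helper_rdmsr(CPUX86State *env)
{
    X86CPU *x86_cpu = env_archcpu(env);
    uint32_t msr = (uint32_t)env->regs[R_ECX];
    uint64_t val;

    cpu_svm_check_intercept_param(env, SVM_EXIT_MSR, 0, GETPC());

    switch (msr) {
    case MSR_IA32_SYSENTER_CS:
        val = env->sysenter_cs;
        break;
    case MSR_IA32_SYSENTER_ESP:
        val = env->sysenter_esp;
        break;
    case MSR_IA32_SYSENTER_EIP:
        val = env->sysenter_eip;
        break;
    case MSR_IA32_APICBASE:
        val = cpu_get_apic_base(env_archcpu(env)->apic_state);
        break;
    case MSR_EFER:
        val = env->efer;
        break;
    case MSR_STAR:
        val = env->star;
        break;
    case MSR_PAT:
        val = env->pat;
        break;
    case MSR_IA32_PKRS:
        val = env->pkrs;
        break;
    case MSR_VM_HSAVE_PA:
        val = env->vm_hsave;
        break;
    case MSR_IA32_PERF_STATUS:
        /* Fixed, synthetic values: tsc_increment_by_tick ... */
        val = 1000ULL;
        /* ... and a CPU multiplier of 4 in bits 47:40. */
        val |= (((uint64_t)4ULL) << 40);
        break;
#ifdef TARGET_X86_64
    case MSR_LSTAR:
        val = env->lstar;
        break;
    case MSR_CSTAR:
        val = env->cstar;
        break;
    case MSR_FMASK:
        val = env->fmask;
        break;
    case MSR_FSBASE:
        val = env->segs[R_FS].base;
        break;
    case MSR_GSBASE:
        val = env->segs[R_GS].base;
        break;
    case MSR_KERNELGSBASE:
        val = env->kernelgsbase;
        break;
#endif
    case MSR_TSC_AUX:
        /* Not 64-bit only: helper_wrmsr accepts this MSR on every build. */
        val = env->tsc_aux;
        break;
    case MSR_SMI_COUNT:
        val = env->msr_smi_count;
        break;
    case MSR_MTRRphysBase(0):
    case MSR_MTRRphysBase(1):
    case MSR_MTRRphysBase(2):
    case MSR_MTRRphysBase(3):
    case MSR_MTRRphysBase(4):
    case MSR_MTRRphysBase(5):
    case MSR_MTRRphysBase(6):
    case MSR_MTRRphysBase(7):
        /* Variable range n: base MSR at 2n, mask MSR at 2n+1. */
        val = env->mtrr_var[(msr - MSR_MTRRphysBase(0)) / 2].base;
        break;
    case MSR_MTRRphysMask(0):
    case MSR_MTRRphysMask(1):
    case MSR_MTRRphysMask(2):
    case MSR_MTRRphysMask(3):
    case MSR_MTRRphysMask(4):
    case MSR_MTRRphysMask(5):
    case MSR_MTRRphysMask(6):
    case MSR_MTRRphysMask(7):
        val = env->mtrr_var[(msr - MSR_MTRRphysMask(0)) / 2].mask;
        break;
    case MSR_MTRRfix64K_00000:
        /* Fixed ranges: 64K at index 0, 16K at 1..2, 4K at 3..10. */
        val = env->mtrr_fixed[0];
        break;
    case MSR_MTRRfix16K_80000:
    case MSR_MTRRfix16K_A0000:
        val = env->mtrr_fixed[msr - MSR_MTRRfix16K_80000 + 1];
        break;
    case MSR_MTRRfix4K_C0000:
    case MSR_MTRRfix4K_C8000:
    case MSR_MTRRfix4K_D0000:
    case MSR_MTRRfix4K_D8000:
    case MSR_MTRRfix4K_E0000:
    case MSR_MTRRfix4K_E8000:
    case MSR_MTRRfix4K_F0000:
    case MSR_MTRRfix4K_F8000:
        val = env->mtrr_fixed[msr - MSR_MTRRfix4K_C0000 + 3];
        break;
    case MSR_MTRRdefType:
        val = env->mtrr_deftype;
        break;
    case MSR_MTRRcap:
        if (env->features[FEAT_1_EDX] & CPUID_MTRR) {
            val = MSR_MTRRcap_VCNT | MSR_MTRRcap_FIXRANGE_SUPPORT |
                MSR_MTRRcap_WC_SUPPORTED;
        } else {
            /* XXX: exception? */
            val = 0;
        }
        break;
    case MSR_MCG_CAP:
        val = env->mcg_cap;
        break;
    case MSR_MCG_CTL:
        /* Reads as 0 unless MCG_CAP advertises MCG_CTL_P. */
        if (env->mcg_cap & MCG_CTL_P) {
            val = env->mcg_ctl;
        } else {
            val = 0;
        }
        break;
    case MSR_MCG_STATUS:
        val = env->mcg_status;
        break;
    case MSR_IA32_MISC_ENABLE:
        val = env->msr_ia32_misc_enable;
        break;
    case MSR_IA32_BNDCFGS:
        val = env->msr_bndcfgs;
        break;
    case MSR_IA32_UCODE_REV:
        val = x86_cpu->ucode_rev;
        break;
    case MSR_CORE_THREAD_COUNT: {
        /* Bits 15:0 logical processors, bits 31:16 cores. */
        CPUState *cs = CPU(x86_cpu);
        val = (cs->nr_threads * cs->nr_cores) | (cs->nr_cores << 16);
        break;
    }
    case MSR_APIC_START ... MSR_APIC_END: {
        /* x2APIC MSR window; the APIC model validates and needs the BQL. */
        int index = msr - MSR_APIC_START;
        int ret;

        bql_lock();
        ret = apic_msr_read(index, &val);
        bql_unlock();
        if (ret < 0) {
            raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
        }
        break;
    }
    default:
        /*
         * Machine-check banks: MCG_CAP[7:0] is the bank count and each bank
         * owns four consecutive MSRs.  The ARRAY_SIZE clamp keeps a
         * mis-sized mcg_cap from reading past env->mce_banks; an
         * out-of-range bank is treated as non-existent.
         */
        if (msr >= MSR_MC0_CTL
            && msr < MSR_MC0_CTL + 4 * (env->mcg_cap & 0xff)) {
            uint32_t offset = msr - MSR_MC0_CTL;

            if (offset >= ARRAY_SIZE(env->mce_banks)) {
                raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
            }
            val = env->mce_banks[offset];
            break;
        }
        /* XXX: exception? Unmodelled MSRs read as zero. */
        val = 0;
        break;
    }

    env->regs[R_EAX] = (uint32_t)(val);
    env->regs[R_EDX] = (uint32_t)(val >> 32);
}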
513 
/*
 * INVLPG: drop the TLB entry covering linear address @addr for this CPU.
 *
 * Pure delegation to the generic per-page flush; no privilege or SVM
 * intercept handling happens here.
 */
void helper_flush_page(CPUX86State *env, target_ulong addr)
{
    CPUState *cs = env_cpu(env);

    tlb_flush_page(cs, addr);
}
518 
/*
 * Park the CPU: mark it halted and leave the execution loop with EXCP_HLT.
 *
 * The STI interrupt shadow is cleared first so that a `sti; hlt` sequence
 * can still be woken by the interrupt STI just enabled.  Never returns.
 */
static G_NORETURN
void do_hlt(CPUX86State *env)
{
    CPUState *cs = env_cpu(env);

    env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */

    cs->halted = 1;
    cs->exception_index = EXCP_HLT;
    cpu_loop_exit(cs);
}
529 
/*
 * HLT: check the SVM intercept, advance EIP past the instruction, then halt.
 *
 * @next_eip_addend is the instruction length supplied by the translator;
 * EIP is advanced before halting so that a later wake-up resumes after HLT.
 * Never returns.
 */
G_NORETURN void helper_hlt(CPUX86State *env, int next_eip_addend)
{
    cpu_svm_check_intercept_param(env, SVM_EXIT_HLT, 0, GETPC());

    env->eip += next_eip_addend;
    do_hlt(env);
}
537 
/*
 * MONITOR: validate the operands and check the SVM intercept.
 *
 * Only the low 32 bits of ECX are checked for zero; any non-zero extension
 * raises #GP(0) before the intercept check.  The monitored address @ptr is
 * currently ignored (see the XXX), so no address range is actually armed.
 */
void helper_monitor(CPUX86State *env, target_ulong ptr)
{
    uint32_t ecx = (uint32_t)env->regs[R_ECX];

    if (ecx != 0) {
        raise_exception_ra(env, EXCP0D_GPF, GETPC());
    }

    /* XXX: store address? */
    cpu_svm_check_intercept_param(env, SVM_EXIT_MONITOR, 0, GETPC());
}
546 
/*
 * MWAIT: validate ECX, check the SVM intercept, advance EIP, then wait.
 *
 * A non-zero low ECX raises #GP(0).  There is no real monitor state, so the
 * wait is approximated: a lone CPU (index 0 with no successor) halts until
 * an interrupt, while any CPU in a multi-CPU machine just yields via
 * do_pause so the others can make progress.  Never returns.
 */
G_NORETURN void helper_mwait(CPUX86State *env, int next_eip_addend)
{
    CPUState *cs = env_cpu(env);
    bool only_cpu;

    if ((uint32_t)env->regs[R_ECX] != 0) {
        raise_exception_ra(env, EXCP0D_GPF, GETPC());
    }
    cpu_svm_check_intercept_param(env, SVM_EXIT_MWAIT, 0, GETPC());
    env->eip += next_eip_addend;

    /* XXX: not complete but not completely erroneous */
    only_cpu = (cs->cpu_index == 0) && (CPU_NEXT(cs) == NULL);
    if (only_cpu) {
        do_hlt(env);
    } else {
        do_pause(env);
    }
}
564