]> git.proxmox.com Git - qemu.git/blame - target-i386/helper.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
migration: make qemu_ftell() public and support writable files
[qemu.git] / target-i386 / helper.c
CommitLineData
2c0262af 1/*
eaa728ee 2 * i386 helpers (without register variable usage)
5fafdf24 3 *
2c0262af
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
2c0262af 18 */
2c0262af 19
eaa728ee 20#include "cpu.h"
9c17d615 21#include "sysemu/kvm.h"
2fa11da0 22#ifndef CONFIG_USER_ONLY
9c17d615 23#include "sysemu/sysemu.h"
83c9089e 24#include "monitor/monitor.h"
2fa11da0 25#endif
f3f2d9be 26
eaa728ee 27//#define DEBUG_MMU
b5ec5ce0 28
317ac620 29static void cpu_x86_version(CPUX86State *env, int *family, int *model)
2bd3e04c
JD		 30{
31 int cpuver = env->cpuid_version;
32
33 if (family == NULL || model == NULL) {
34 return;
35 }
36
37 *family = (cpuver >> 8) & 0x0f;
38 *model = ((cpuver >> 12) & 0xf0) + ((cpuver >> 4) & 0x0f);
39}
40
41/* Broadcast MCA signal for processor version 06H_EH and above */
317ac620 42int cpu_x86_support_mca_broadcast(CPUX86State *env)
2bd3e04c
JD		 43{
44 int family = 0;
45 int model = 0;
46
47 cpu_x86_version(env, &family, &model);
48 if ((family == 6 && model >= 14) || family > 6) {
49 return 1;
50 }
51
52 return 0;
53}
54
eaa728ee
FB		 55/***********************************************************/
56/* x86 debug */
3b46e624 57
eaa728ee
FB		 58static const char *cc_op_str[] = {
59 "DYNAMIC",
60 "EFLAGS",
7e84c249 61
eaa728ee
FB		 62 "MULB",
63 "MULW",
64 "MULL",
65 "MULQ",
3b46e624 66
eaa728ee
FB		 67 "ADDB",
68 "ADDW",
69 "ADDL",
70 "ADDQ",
3b46e624 71
eaa728ee
FB		 72 "ADCB",
73 "ADCW",
74 "ADCL",
75 "ADCQ",
3b46e624 76
eaa728ee
FB		 77 "SUBB",
78 "SUBW",
79 "SUBL",
80 "SUBQ",
7e84c249 81
eaa728ee
FB		 82 "SBBB",
83 "SBBW",
84 "SBBL",
85 "SBBQ",
7e84c249 86
eaa728ee
FB		 87 "LOGICB",
88 "LOGICW",
89 "LOGICL",
90 "LOGICQ",
7e84c249 91
eaa728ee
FB		 92 "INCB",
93 "INCW",
94 "INCL",
95 "INCQ",
3b46e624 96
eaa728ee
FB		 97 "DECB",
98 "DECW",
99 "DECL",
100 "DECQ",
3b46e624 101
eaa728ee
FB		 102 "SHLB",
103 "SHLW",
104 "SHLL",
105 "SHLQ",
3b46e624 106
eaa728ee
FB		 107 "SARB",
108 "SARW",
109 "SARL",
110 "SARQ",
111};
7e84c249 112
a3867ed2 113static void
317ac620 114cpu_x86_dump_seg_cache(CPUX86State *env, FILE *f, fprintf_function cpu_fprintf,
a3867ed2
AL		 115 const char *name, struct SegmentCache *sc)
116{
117#ifdef TARGET_X86_64
118 if (env->hflags & HF_CS64_MASK) {
119 cpu_fprintf(f, "%-3s=%04x %016" PRIx64 " %08x %08x", name,
4058fd98 120 sc->selector, sc->base, sc->limit, sc->flags & 0x00ffff00);
a3867ed2
AL		 121 } else
122#endif
123 {
124 cpu_fprintf(f, "%-3s=%04x %08x %08x %08x", name, sc->selector,
4058fd98 125 (uint32_t)sc->base, sc->limit, sc->flags & 0x00ffff00);
a3867ed2
AL		 126 }
127
128 if (!(env->hflags & HF_PE_MASK) || !(sc->flags & DESC_P_MASK))
129 goto done;
130
131 cpu_fprintf(f, " DPL=%d ", (sc->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT);
132 if (sc->flags & DESC_S_MASK) {
133 if (sc->flags & DESC_CS_MASK) {
134 cpu_fprintf(f, (sc->flags & DESC_L_MASK) ? "CS64" :
135 ((sc->flags & DESC_B_MASK) ? "CS32" : "CS16"));
136 cpu_fprintf(f, " [%c%c", (sc->flags & DESC_C_MASK) ? 'C' : '-',
137 (sc->flags & DESC_R_MASK) ? 'R' : '-');
138 } else {
139 cpu_fprintf(f, (sc->flags & DESC_B_MASK) ? "DS " : "DS16");
140 cpu_fprintf(f, " [%c%c", (sc->flags & DESC_E_MASK) ? 'E' : '-',
141 (sc->flags & DESC_W_MASK) ? 'W' : '-');
142 }
143 cpu_fprintf(f, "%c]", (sc->flags & DESC_A_MASK) ? 'A' : '-');
144 } else {
145 static const char *sys_type_name[2][16] = {
146 { /* 32 bit mode */
147 "Reserved", "TSS16-avl", "LDT", "TSS16-busy",
148 "CallGate16", "TaskGate", "IntGate16", "TrapGate16",
149 "Reserved", "TSS32-avl", "Reserved", "TSS32-busy",
150 "CallGate32", "Reserved", "IntGate32", "TrapGate32"
151 },
152 { /* 64 bit mode */
153 "<hiword>", "Reserved", "LDT", "Reserved", "Reserved",
154 "Reserved", "Reserved", "Reserved", "Reserved",
155 "TSS64-avl", "Reserved", "TSS64-busy", "CallGate64",
156 "Reserved", "IntGate64", "TrapGate64"
157 }
158 };
e5c15eff
SW		 159 cpu_fprintf(f, "%s",
160 sys_type_name[(env->hflags & HF_LMA_MASK) ? 1 : 0]
161 [(sc->flags & DESC_TYPE_MASK)
162 >> DESC_TYPE_SHIFT]);
a3867ed2
AL		 163 }
164done:
165 cpu_fprintf(f, "\n");
166}
167
f5c848ee
JK		 168#define DUMP_CODE_BYTES_TOTAL 50
169#define DUMP_CODE_BYTES_BACKWARD 20
170
317ac620 171void cpu_dump_state(CPUX86State *env, FILE *f, fprintf_function cpu_fprintf,
eaa728ee
FB		 172 int flags)
173{
174 int eflags, i, nb;
175 char cc_op_name[32];
176 static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
7e84c249 177
23054111 178 cpu_synchronize_state(env);
ff3c01ca 179
eaa728ee
FB		 180 eflags = env->eflags;
181#ifdef TARGET_X86_64
182 if (env->hflags & HF_CS64_MASK) {
183 cpu_fprintf(f,
184 "RAX=%016" PRIx64 " RBX=%016" PRIx64 " RCX=%016" PRIx64 " RDX=%016" PRIx64 "\n"
185 "RSI=%016" PRIx64 " RDI=%016" PRIx64 " RBP=%016" PRIx64 " RSP=%016" PRIx64 "\n"
186 "R8 =%016" PRIx64 " R9 =%016" PRIx64 " R10=%016" PRIx64 " R11=%016" PRIx64 "\n"
187 "R12=%016" PRIx64 " R13=%016" PRIx64 " R14=%016" PRIx64 " R15=%016" PRIx64 "\n"
188 "RIP=%016" PRIx64 " RFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
189 env->regs[R_EAX],
190 env->regs[R_EBX],
191 env->regs[R_ECX],
192 env->regs[R_EDX],
193 env->regs[R_ESI],
194 env->regs[R_EDI],
195 env->regs[R_EBP],
196 env->regs[R_ESP],
197 env->regs[8],
198 env->regs[9],
199 env->regs[10],
200 env->regs[11],
201 env->regs[12],
202 env->regs[13],
203 env->regs[14],
204 env->regs[15],
205 env->eip, eflags,
206 eflags & DF_MASK ? 'D' : '-',
207 eflags & CC_O ? 'O' : '-',
208 eflags & CC_S ? 'S' : '-',
209 eflags & CC_Z ? 'Z' : '-',
210 eflags & CC_A ? 'A' : '-',
211 eflags & CC_P ? 'P' : '-',
212 eflags & CC_C ? 'C' : '-',
213 env->hflags & HF_CPL_MASK,
214 (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
5ee0ffaa 215 (env->a20_mask >> 20) & 1,
eaa728ee 216 (env->hflags >> HF_SMM_SHIFT) & 1,
ce5232c5 217 env->halted);
eaa728ee
FB		 218 } else
219#endif
220 {
221 cpu_fprintf(f, "EAX=%08x EBX=%08x ECX=%08x EDX=%08x\n"
222 "ESI=%08x EDI=%08x EBP=%08x ESP=%08x\n"
223 "EIP=%08x EFL=%08x [%c%c%c%c%c%c%c] CPL=%d II=%d A20=%d SMM=%d HLT=%d\n",
224 (uint32_t)env->regs[R_EAX],
225 (uint32_t)env->regs[R_EBX],
226 (uint32_t)env->regs[R_ECX],
227 (uint32_t)env->regs[R_EDX],
228 (uint32_t)env->regs[R_ESI],
229 (uint32_t)env->regs[R_EDI],
230 (uint32_t)env->regs[R_EBP],
231 (uint32_t)env->regs[R_ESP],
232 (uint32_t)env->eip, eflags,
233 eflags & DF_MASK ? 'D' : '-',
234 eflags & CC_O ? 'O' : '-',
235 eflags & CC_S ? 'S' : '-',
236 eflags & CC_Z ? 'Z' : '-',
237 eflags & CC_A ? 'A' : '-',
238 eflags & CC_P ? 'P' : '-',
239 eflags & CC_C ? 'C' : '-',
240 env->hflags & HF_CPL_MASK,
241 (env->hflags >> HF_INHIBIT_IRQ_SHIFT) & 1,
5ee0ffaa 242 (env->a20_mask >> 20) & 1,
eaa728ee 243 (env->hflags >> HF_SMM_SHIFT) & 1,
ce5232c5 244 env->halted);
8145122b 245 }
3b46e624 246
a3867ed2
AL		 247 for(i = 0; i < 6; i++) {
248 cpu_x86_dump_seg_cache(env, f, cpu_fprintf, seg_name[i],
249 &env->segs[i]);
250 }
251 cpu_x86_dump_seg_cache(env, f, cpu_fprintf, "LDT", &env->ldt);
252 cpu_x86_dump_seg_cache(env, f, cpu_fprintf, "TR", &env->tr);
253
eaa728ee
FB		 254#ifdef TARGET_X86_64
255 if (env->hflags & HF_LMA_MASK) {
eaa728ee
FB		 256 cpu_fprintf(f, "GDT= %016" PRIx64 " %08x\n",
257 env->gdt.base, env->gdt.limit);
258 cpu_fprintf(f, "IDT= %016" PRIx64 " %08x\n",
259 env->idt.base, env->idt.limit);
260 cpu_fprintf(f, "CR0=%08x CR2=%016" PRIx64 " CR3=%016" PRIx64 " CR4=%08x\n",
261 (uint32_t)env->cr[0],
262 env->cr[2],
263 env->cr[3],
264 (uint32_t)env->cr[4]);
a59cb4e0
AL		 265 for(i = 0; i < 4; i++)
266 cpu_fprintf(f, "DR%d=%016" PRIx64 " ", i, env->dr[i]);
267 cpu_fprintf(f, "\nDR6=%016" PRIx64 " DR7=%016" PRIx64 "\n",
d4b55be5 268 env->dr[6], env->dr[7]);
eaa728ee
FB		 269 } else
270#endif
271 {
eaa728ee
FB		 272 cpu_fprintf(f, "GDT= %08x %08x\n",
273 (uint32_t)env->gdt.base, env->gdt.limit);
274 cpu_fprintf(f, "IDT= %08x %08x\n",
275 (uint32_t)env->idt.base, env->idt.limit);
276 cpu_fprintf(f, "CR0=%08x CR2=%08x CR3=%08x CR4=%08x\n",
277 (uint32_t)env->cr[0],
278 (uint32_t)env->cr[2],
279 (uint32_t)env->cr[3],
280 (uint32_t)env->cr[4]);
9a78eead
SW		 281 for(i = 0; i < 4; i++) {
282 cpu_fprintf(f, "DR%d=" TARGET_FMT_lx " ", i, env->dr[i]);
283 }
284 cpu_fprintf(f, "\nDR6=" TARGET_FMT_lx " DR7=" TARGET_FMT_lx "\n",
285 env->dr[6], env->dr[7]);
eaa728ee 286 }
6fd2a026 287 if (flags & CPU_DUMP_CCOP) {
eaa728ee
FB		 288 if ((unsigned)env->cc_op < CC_OP_NB)
289 snprintf(cc_op_name, sizeof(cc_op_name), "%s", cc_op_str[env->cc_op]);
290 else
291 snprintf(cc_op_name, sizeof(cc_op_name), "[%d]", env->cc_op);
292#ifdef TARGET_X86_64
293 if (env->hflags & HF_CS64_MASK) {
294 cpu_fprintf(f, "CCS=%016" PRIx64 " CCD=%016" PRIx64 " CCO=%-8s\n",
295 env->cc_src, env->cc_dst,
296 cc_op_name);
297 } else
298#endif
299 {
300 cpu_fprintf(f, "CCS=%08x CCD=%08x CCO=%-8s\n",
301 (uint32_t)env->cc_src, (uint32_t)env->cc_dst,
302 cc_op_name);
303 }
7e84c249 304 }
b5e5a934 305 cpu_fprintf(f, "EFER=%016" PRIx64 "\n", env->efer);
6fd2a026 306 if (flags & CPU_DUMP_FPU) {
eaa728ee
FB		 307 int fptag;
308 fptag = 0;
309 for(i = 0; i < 8; i++) {
310 fptag |= ((!env->fptags[i]) << i);
311 }
312 cpu_fprintf(f, "FCW=%04x FSW=%04x [ST=%d] FTW=%02x MXCSR=%08x\n",
313 env->fpuc,
314 (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11,
315 env->fpstt,
316 fptag,
317 env->mxcsr);
318 for(i=0;i<8;i++) {
1ffd41ee
AJ		 319 CPU_LDoubleU u;
320 u.d = env->fpregs[i].d;
eaa728ee 321 cpu_fprintf(f, "FPR%d=%016" PRIx64 " %04x",
1ffd41ee 322 i, u.l.lower, u.l.upper);
eaa728ee
FB		 323 if ((i & 1) == 1)
324 cpu_fprintf(f, "\n");
325 else
326 cpu_fprintf(f, " ");
327 }
328 if (env->hflags & HF_CS64_MASK)
329 nb = 16;
330 else
331 nb = 8;
332 for(i=0;i<nb;i++) {
333 cpu_fprintf(f, "XMM%02d=%08x%08x%08x%08x",
334 i,
335 env->xmm_regs[i].XMM_L(3),
336 env->xmm_regs[i].XMM_L(2),
337 env->xmm_regs[i].XMM_L(1),
338 env->xmm_regs[i].XMM_L(0));
339 if ((i & 1) == 1)
340 cpu_fprintf(f, "\n");
341 else
342 cpu_fprintf(f, " ");
343 }
7e84c249 344 }
f5c848ee
JK		 345 if (flags & CPU_DUMP_CODE) {
346 target_ulong base = env->segs[R_CS].base + env->eip;
347 target_ulong offs = MIN(env->eip, DUMP_CODE_BYTES_BACKWARD);
348 uint8_t code;
349 char codestr[3];
350
351 cpu_fprintf(f, "Code=");
352 for (i = 0; i < DUMP_CODE_BYTES_TOTAL; i++) {
353 if (cpu_memory_rw_debug(env, base - offs + i, &code, 1, 0) == 0) {
354 snprintf(codestr, sizeof(codestr), "%02x", code);
355 } else {
356 snprintf(codestr, sizeof(codestr), "??");
357 }
358 cpu_fprintf(f, "%s%s%s%s", i > 0 ? " " : "",
359 i == offs ? "<" : "", codestr, i == offs ? ">" : "");
360 }
361 cpu_fprintf(f, "\n");
362 }
2c0262af 363}
7e84c249 364
eaa728ee
FB		 365/***********************************************************/
366/* x86 mmu */
367/* XXX: add PGE support */
368
cc36a7a2 369void x86_cpu_set_a20(X86CPU *cpu, int a20_state)
2c0262af 370{
cc36a7a2
AF		 371 CPUX86State *env = &cpu->env;
372
eaa728ee
FB		 373 a20_state = (a20_state != 0);
374 if (a20_state != ((env->a20_mask >> 20) & 1)) {
375#if defined(DEBUG_MMU)
376 printf("A20 update: a20=%d\n", a20_state);
377#endif
378 /* if the cpu is currently executing code, we must unlink it and
379 all the potentially executing TB */
380 cpu_interrupt(env, CPU_INTERRUPT_EXITTB);
3b46e624 381
eaa728ee
FB		 382 /* when a20 is changed, all the MMU mappings are invalid, so
383 we must flush everything */
384 tlb_flush(env, 1);
5ee0ffaa 385 env->a20_mask = ~(1 << 20) | (a20_state << 20);
7e84c249 386 }
2c0262af
FB		 387}
388
eaa728ee 389void cpu_x86_update_cr0(CPUX86State *env, uint32_t new_cr0)
2c0262af 390{
eaa728ee 391 int pe_state;
2c0262af 392
eaa728ee
FB		 393#if defined(DEBUG_MMU)
394 printf("CR0 update: CR0=0x%08x\n", new_cr0);
395#endif
396 if ((new_cr0 & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK)) !=
397 (env->cr[0] & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK))) {
398 tlb_flush(env, 1);
399 }
2c0262af 400
eaa728ee
FB		 401#ifdef TARGET_X86_64
402 if (!(env->cr[0] & CR0_PG_MASK) && (new_cr0 & CR0_PG_MASK) &&
403 (env->efer & MSR_EFER_LME)) {
404 /* enter in long mode */
405 /* XXX: generate an exception */
406 if (!(env->cr[4] & CR4_PAE_MASK))
407 return;
408 env->efer |= MSR_EFER_LMA;
409 env->hflags |= HF_LMA_MASK;
410 } else if ((env->cr[0] & CR0_PG_MASK) && !(new_cr0 & CR0_PG_MASK) &&
411 (env->efer & MSR_EFER_LMA)) {
412 /* exit long mode */
413 env->efer &= ~MSR_EFER_LMA;
414 env->hflags &= ~(HF_LMA_MASK | HF_CS64_MASK);
415 env->eip &= 0xffffffff;
416 }
417#endif
418 env->cr[0] = new_cr0 | CR0_ET_MASK;
7e84c249 419
eaa728ee
FB		 420 /* update PE flag in hidden flags */
421 pe_state = (env->cr[0] & CR0_PE_MASK);
422 env->hflags = (env->hflags & ~HF_PE_MASK) | (pe_state << HF_PE_SHIFT);
423 /* ensure that ADDSEG is always set in real mode */
424 env->hflags |= ((pe_state ^ 1) << HF_ADDSEG_SHIFT);
425 /* update FPU flags */
426 env->hflags = (env->hflags & ~(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK)) |
427 ((new_cr0 << (HF_MP_SHIFT - 1)) & (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK));
7e84c249
FB		 428}
429
eaa728ee
FB		 430/* XXX: in legacy PAE mode, generate a GPF if reserved bits are set in
431 the PDPT */
432void cpu_x86_update_cr3(CPUX86State *env, target_ulong new_cr3)
7e84c249 433{
eaa728ee
FB		 434 env->cr[3] = new_cr3;
435 if (env->cr[0] & CR0_PG_MASK) {
436#if defined(DEBUG_MMU)
437 printf("CR3 update: CR3=" TARGET_FMT_lx "\n", new_cr3);
438#endif
439 tlb_flush(env, 0);
440 }
7e84c249
FB		 441}
442
eaa728ee 443void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
7e84c249 444{
eaa728ee
FB		 445#if defined(DEBUG_MMU)
446 printf("CR4 update: CR4=%08x\n", (uint32_t)env->cr[4]);
447#endif
a9321a4d
PA		 448 if ((new_cr4 ^ env->cr[4]) &
449 (CR4_PGE_MASK | CR4_PAE_MASK | CR4_PSE_MASK |
450 CR4_SMEP_MASK | CR4_SMAP_MASK)) {
eaa728ee
FB		 451 tlb_flush(env, 1);
452 }
453 /* SSE handling */
a9321a4d 454 if (!(env->cpuid_features & CPUID_SSE)) {
eaa728ee 455 new_cr4 &= ~CR4_OSFXSR_MASK;
a9321a4d
PA		 456 }
457 env->hflags &= ~HF_OSFXSR_MASK;
458 if (new_cr4 & CR4_OSFXSR_MASK) {
eaa728ee 459 env->hflags |= HF_OSFXSR_MASK;
a9321a4d
PA		 460 }
461
462 if (!(env->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)) {
463 new_cr4 &= ~CR4_SMAP_MASK;
464 }
465 env->hflags &= ~HF_SMAP_MASK;
466 if (new_cr4 & CR4_SMAP_MASK) {
467 env->hflags |= HF_SMAP_MASK;
468 }
b8b6a50b 469
eaa728ee 470 env->cr[4] = new_cr4;
b8b6a50b
FB		 471}
472
eaa728ee
FB		 473#if defined(CONFIG_USER_ONLY)
474
475int cpu_x86_handle_mmu_fault(CPUX86State *env, target_ulong addr,
97b348e7 476 int is_write, int mmu_idx)
b8b6a50b 477{
eaa728ee
FB		 478 /* user mode only emulation */
479 is_write &= 1;
480 env->cr[2] = addr;
481 env->error_code = (is_write << PG_ERROR_W_BIT);
482 env->error_code |= PG_ERROR_U_MASK;
483 env->exception_index = EXCP0E_PAGE;
484 return 1;
2c0262af
FB		 485}
486
8d7b0fbb 487#else
891b38e4 488
eaa728ee
FB		 489/* XXX: This value should match the one returned by CPUID
490 * and in exec.c */
eaa728ee 491# if defined(TARGET_X86_64)
2c90d794 492# define PHYS_ADDR_MASK 0xfffffff000LL
eaa728ee 493# else
2c90d794 494# define PHYS_ADDR_MASK 0xffffff000LL
eaa728ee 495# endif
eaa728ee
FB		 496
497/* return value:
498 -1 = cannot handle fault
499 0 = nothing more to do
500 1 = generate PF fault
eaa728ee
FB		 501*/
502int cpu_x86_handle_mmu_fault(CPUX86State *env, target_ulong addr,
97b348e7 503 int is_write1, int mmu_idx)
eaa728ee
FB		 504{
505 uint64_t ptep, pte;
506 target_ulong pde_addr, pte_addr;
d4c430a8 507 int error_code, is_dirty, prot, page_size, is_write, is_user;
a8170e5e 508 hwaddr paddr;
eaa728ee
FB		 509 uint32_t page_offset;
510 target_ulong vaddr, virt_addr;
511
512 is_user = mmu_idx == MMU_USER_IDX;
513#if defined(DEBUG_MMU)
514 printf("MMU fault: addr=" TARGET_FMT_lx " w=%d u=%d eip=" TARGET_FMT_lx "\n",
515 addr, is_write1, is_user, env->eip);
516#endif
517 is_write = is_write1 & 1;
518
519 if (!(env->cr[0] & CR0_PG_MASK)) {
520 pte = addr;
521 virt_addr = addr & TARGET_PAGE_MASK;
522 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
523 page_size = 4096;
524 goto do_mapping;
525 }
526
527 if (env->cr[4] & CR4_PAE_MASK) {
528 uint64_t pde, pdpe;
529 target_ulong pdpe_addr;
2c0262af 530
eaa728ee
FB		 531#ifdef TARGET_X86_64
532 if (env->hflags & HF_LMA_MASK) {
533 uint64_t pml4e_addr, pml4e;
534 int32_t sext;
535
536 /* test virtual address sign extension */
537 sext = (int64_t)addr >> 47;
538 if (sext != 0 && sext != -1) {
539 env->error_code = 0;
540 env->exception_index = EXCP0D_GPF;
541 return 1;
542 }
0573fbfc 543
eaa728ee
FB		 544 pml4e_addr = ((env->cr[3] & ~0xfff) + (((addr >> 39) & 0x1ff) << 3)) &
545 env->a20_mask;
546 pml4e = ldq_phys(pml4e_addr);
547 if (!(pml4e & PG_PRESENT_MASK)) {
548 error_code = 0;
549 goto do_fault;
550 }
551 if (!(env->efer & MSR_EFER_NXE) && (pml4e & PG_NX_MASK)) {
552 error_code = PG_ERROR_RSVD_MASK;
553 goto do_fault;
554 }
555 if (!(pml4e & PG_ACCESSED_MASK)) {
556 pml4e |= PG_ACCESSED_MASK;
557 stl_phys_notdirty(pml4e_addr, pml4e);
558 }
559 ptep = pml4e ^ PG_NX_MASK;
560 pdpe_addr = ((pml4e & PHYS_ADDR_MASK) + (((addr >> 30) & 0x1ff) << 3)) &
561 env->a20_mask;
562 pdpe = ldq_phys(pdpe_addr);
563 if (!(pdpe & PG_PRESENT_MASK)) {
564 error_code = 0;
565 goto do_fault;
566 }
567 if (!(env->efer & MSR_EFER_NXE) && (pdpe & PG_NX_MASK)) {
568 error_code = PG_ERROR_RSVD_MASK;
569 goto do_fault;
570 }
571 ptep &= pdpe ^ PG_NX_MASK;
572 if (!(pdpe & PG_ACCESSED_MASK)) {
573 pdpe |= PG_ACCESSED_MASK;
574 stl_phys_notdirty(pdpe_addr, pdpe);
575 }
576 } else
577#endif
578 {
579 /* XXX: load them when cr3 is loaded ? */
580 pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
581 env->a20_mask;
582 pdpe = ldq_phys(pdpe_addr);
583 if (!(pdpe & PG_PRESENT_MASK)) {
584 error_code = 0;
585 goto do_fault;
586 }
587 ptep = PG_NX_MASK | PG_USER_MASK | PG_RW_MASK;
7e84c249 588 }
7e84c249 589
eaa728ee
FB		 590 pde_addr = ((pdpe & PHYS_ADDR_MASK) + (((addr >> 21) & 0x1ff) << 3)) &
591 env->a20_mask;
592 pde = ldq_phys(pde_addr);
593 if (!(pde & PG_PRESENT_MASK)) {
594 error_code = 0;
595 goto do_fault;
596 }
597 if (!(env->efer & MSR_EFER_NXE) && (pde & PG_NX_MASK)) {
598 error_code = PG_ERROR_RSVD_MASK;
599 goto do_fault;
600 }
601 ptep &= pde ^ PG_NX_MASK;
602 if (pde & PG_PSE_MASK) {
603 /* 2 MB page */
604 page_size = 2048 * 1024;
605 ptep ^= PG_NX_MASK;
a9321a4d 606 if ((ptep & PG_NX_MASK) && is_write1 == 2) {
eaa728ee 607 goto do_fault_protect;
a9321a4d
PA		 608 }
609 switch (mmu_idx) {
610 case MMU_USER_IDX:
611 if (!(ptep & PG_USER_MASK)) {
eaa728ee 612 goto do_fault_protect;
a9321a4d
PA		 613 }
614 if (is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 615 goto do_fault_protect;
a9321a4d
PA		 616 }
617 break;
618
619 case MMU_KERNEL_IDX:
620 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
621 (ptep & PG_USER_MASK)) {
622 goto do_fault_protect;
623 }
624 /* fall through */
625 case MMU_KSMAP_IDX:
626 if (is_write1 == 2 && (env->cr[4] & CR4_SMEP_MASK) &&
627 (ptep & PG_USER_MASK)) {
628 goto do_fault_protect;
629 }
eaa728ee 630 if ((env->cr[0] & CR0_WP_MASK) &&
a9321a4d 631 is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 632 goto do_fault_protect;
a9321a4d
PA		 633 }
634 break;
635
636 default: /* cannot happen */
637 break;
eaa728ee
FB		 638 }
639 is_dirty = is_write && !(pde & PG_DIRTY_MASK);
640 if (!(pde & PG_ACCESSED_MASK) || is_dirty) {
641 pde |= PG_ACCESSED_MASK;
642 if (is_dirty)
643 pde |= PG_DIRTY_MASK;
644 stl_phys_notdirty(pde_addr, pde);
645 }
646 /* align to page_size */
647 pte = pde & ((PHYS_ADDR_MASK & ~(page_size - 1)) | 0xfff);
648 virt_addr = addr & ~(page_size - 1);
649 } else {
650 /* 4 KB page */
651 if (!(pde & PG_ACCESSED_MASK)) {
652 pde |= PG_ACCESSED_MASK;
653 stl_phys_notdirty(pde_addr, pde);
654 }
655 pte_addr = ((pde & PHYS_ADDR_MASK) + (((addr >> 12) & 0x1ff) << 3)) &
656 env->a20_mask;
657 pte = ldq_phys(pte_addr);
658 if (!(pte & PG_PRESENT_MASK)) {
659 error_code = 0;
660 goto do_fault;
661 }
662 if (!(env->efer & MSR_EFER_NXE) && (pte & PG_NX_MASK)) {
663 error_code = PG_ERROR_RSVD_MASK;
664 goto do_fault;
665 }
666 /* combine pde and pte nx, user and rw protections */
667 ptep &= pte ^ PG_NX_MASK;
668 ptep ^= PG_NX_MASK;
669 if ((ptep & PG_NX_MASK) && is_write1 == 2)
670 goto do_fault_protect;
a9321a4d
PA		 671 switch (mmu_idx) {
672 case MMU_USER_IDX:
673 if (!(ptep & PG_USER_MASK)) {
eaa728ee 674 goto do_fault_protect;
a9321a4d
PA		 675 }
676 if (is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 677 goto do_fault_protect;
a9321a4d
PA		 678 }
679 break;
680
681 case MMU_KERNEL_IDX:
682 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
683 (ptep & PG_USER_MASK)) {
684 goto do_fault_protect;
685 }
686 /* fall through */
687 case MMU_KSMAP_IDX:
688 if (is_write1 == 2 && (env->cr[4] & CR4_SMEP_MASK) &&
689 (ptep & PG_USER_MASK)) {
690 goto do_fault_protect;
691 }
eaa728ee 692 if ((env->cr[0] & CR0_WP_MASK) &&
a9321a4d 693 is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 694 goto do_fault_protect;
a9321a4d
PA		 695 }
696 break;
697
698 default: /* cannot happen */
699 break;
eaa728ee
FB		 700 }
701 is_dirty = is_write && !(pte & PG_DIRTY_MASK);
702 if (!(pte & PG_ACCESSED_MASK) || is_dirty) {
703 pte |= PG_ACCESSED_MASK;
704 if (is_dirty)
705 pte |= PG_DIRTY_MASK;
706 stl_phys_notdirty(pte_addr, pte);
707 }
708 page_size = 4096;
709 virt_addr = addr & ~0xfff;
710 pte = pte & (PHYS_ADDR_MASK | 0xfff);
7e84c249 711 }
2c0262af 712 } else {
eaa728ee
FB		 713 uint32_t pde;
714
715 /* page directory entry */
716 pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) &
717 env->a20_mask;
718 pde = ldl_phys(pde_addr);
719 if (!(pde & PG_PRESENT_MASK)) {
720 error_code = 0;
721 goto do_fault;
722 }
723 /* if PSE bit is set, then we use a 4MB page */
724 if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
725 page_size = 4096 * 1024;
a9321a4d
PA		 726 switch (mmu_idx) {
727 case MMU_USER_IDX:
728 if (!(pde & PG_USER_MASK)) {
eaa728ee 729 goto do_fault_protect;
a9321a4d
PA		 730 }
731 if (is_write && !(pde & PG_RW_MASK)) {
eaa728ee 732 goto do_fault_protect;
a9321a4d
PA		 733 }
734 break;
735
736 case MMU_KERNEL_IDX:
737 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
738 (pde & PG_USER_MASK)) {
739 goto do_fault_protect;
740 }
741 /* fall through */
742 case MMU_KSMAP_IDX:
743 if (is_write1 == 2 && (env->cr[4] & CR4_SMEP_MASK) &&
744 (pde & PG_USER_MASK)) {
745 goto do_fault_protect;
746 }
eaa728ee 747 if ((env->cr[0] & CR0_WP_MASK) &&
a9321a4d 748 is_write && !(pde & PG_RW_MASK)) {
eaa728ee 749 goto do_fault_protect;
a9321a4d
PA		 750 }
751 break;
752
753 default: /* cannot happen */
754 break;
eaa728ee
FB		 755 }
756 is_dirty = is_write && !(pde & PG_DIRTY_MASK);
757 if (!(pde & PG_ACCESSED_MASK) || is_dirty) {
758 pde |= PG_ACCESSED_MASK;
759 if (is_dirty)
760 pde |= PG_DIRTY_MASK;
761 stl_phys_notdirty(pde_addr, pde);
762 }
2c0262af 763
eaa728ee
FB		 764 pte = pde & ~( (page_size - 1) & ~0xfff); /* align to page_size */
765 ptep = pte;
766 virt_addr = addr & ~(page_size - 1);
767 } else {
768 if (!(pde & PG_ACCESSED_MASK)) {
769 pde |= PG_ACCESSED_MASK;
770 stl_phys_notdirty(pde_addr, pde);
771 }
891b38e4 772
eaa728ee
FB		 773 /* page directory entry */
774 pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) &
775 env->a20_mask;
776 pte = ldl_phys(pte_addr);
777 if (!(pte & PG_PRESENT_MASK)) {
778 error_code = 0;
779 goto do_fault;
8e682019 780 }
eaa728ee
FB		 781 /* combine pde and pte user and rw protections */
782 ptep = pte & pde;
a9321a4d
PA		 783 switch (mmu_idx) {
784 case MMU_USER_IDX:
785 if (!(ptep & PG_USER_MASK)) {
eaa728ee 786 goto do_fault_protect;
a9321a4d
PA		 787 }
788 if (is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 789 goto do_fault_protect;
a9321a4d
PA		 790 }
791 break;
792
793 case MMU_KERNEL_IDX:
794 if (is_write1 != 2 && (env->cr[4] & CR4_SMAP_MASK) &&
795 (ptep & PG_USER_MASK)) {
796 goto do_fault_protect;
797 }
798 /* fall through */
799 case MMU_KSMAP_IDX:
800 if (is_write1 == 2 && (env->cr[4] & CR4_SMEP_MASK) &&
801 (ptep & PG_USER_MASK)) {
802 goto do_fault_protect;
803 }
eaa728ee 804 if ((env->cr[0] & CR0_WP_MASK) &&
a9321a4d 805 is_write && !(ptep & PG_RW_MASK)) {
eaa728ee 806 goto do_fault_protect;
a9321a4d
PA		 807 }
808 break;
809
810 default: /* cannot happen */
811 break;
8e682019 812 }
eaa728ee
FB		 813 is_dirty = is_write && !(pte & PG_DIRTY_MASK);
814 if (!(pte & PG_ACCESSED_MASK) || is_dirty) {
815 pte |= PG_ACCESSED_MASK;
816 if (is_dirty)
817 pte |= PG_DIRTY_MASK;
818 stl_phys_notdirty(pte_addr, pte);
819 }
820 page_size = 4096;
821 virt_addr = addr & ~0xfff;
2c0262af
FB		 822 }
823 }
eaa728ee
FB		 824 /* the page can be put in the TLB */
825 prot = PAGE_READ;
826 if (!(ptep & PG_NX_MASK))
827 prot |= PAGE_EXEC;
828 if (pte & PG_DIRTY_MASK) {
829 /* only set write access if already dirty... otherwise wait
830 for dirty access */
831 if (is_user) {
832 if (ptep & PG_RW_MASK)
833 prot |= PAGE_WRITE;
834 } else {
835 if (!(env->cr[0] & CR0_WP_MASK) ||
836 (ptep & PG_RW_MASK))
837 prot |= PAGE_WRITE;
8e682019 838 }
891b38e4 839 }
eaa728ee
FB		 840 do_mapping:
841 pte = pte & env->a20_mask;
842
843 /* Even if 4MB pages, we map only one 4KB page in the cache to
844 avoid filling it too fast */
845 page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
846 paddr = (pte & TARGET_PAGE_MASK) + page_offset;
847 vaddr = virt_addr + page_offset;
848
d4c430a8
PB		 849 tlb_set_page(env, vaddr, paddr, prot, mmu_idx, page_size);
850 return 0;
eaa728ee
FB		 851 do_fault_protect:
852 error_code = PG_ERROR_P_MASK;
853 do_fault:
854 error_code |= (is_write << PG_ERROR_W_BIT);
855 if (is_user)
856 error_code |= PG_ERROR_U_MASK;
857 if (is_write1 == 2 &&
a9321a4d
PA		 858 (((env->efer & MSR_EFER_NXE) &&
859 (env->cr[4] & CR4_PAE_MASK)) ||
860 (env->cr[4] & CR4_SMEP_MASK)))
eaa728ee 861 error_code |= PG_ERROR_I_D_MASK;
872929aa
FB		 862 if (env->intercept_exceptions & (1 << EXCP0E_PAGE)) {
863 /* cr2 is not modified in case of exceptions */
864 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2),
865 addr);
eaa728ee
FB		 866 } else {
867 env->cr[2] = addr;
2c0262af 868 }
eaa728ee
FB		 869 env->error_code = error_code;
870 env->exception_index = EXCP0E_PAGE;
eaa728ee 871 return 1;
14ce26e7
FB		 872}
873
a8170e5e 874hwaddr cpu_get_phys_page_debug(CPUX86State *env, target_ulong addr)
14ce26e7 875{
eaa728ee
FB		 876 target_ulong pde_addr, pte_addr;
877 uint64_t pte;
a8170e5e 878 hwaddr paddr;
eaa728ee
FB		 879 uint32_t page_offset;
880 int page_size;
14ce26e7 881
eaa728ee
FB		 882 if (env->cr[4] & CR4_PAE_MASK) {
883 target_ulong pdpe_addr;
884 uint64_t pde, pdpe;
14ce26e7 885
eaa728ee
FB		 886#ifdef TARGET_X86_64
887 if (env->hflags & HF_LMA_MASK) {
888 uint64_t pml4e_addr, pml4e;
889 int32_t sext;
890
891 /* test virtual address sign extension */
892 sext = (int64_t)addr >> 47;
893 if (sext != 0 && sext != -1)
894 return -1;
895
896 pml4e_addr = ((env->cr[3] & ~0xfff) + (((addr >> 39) & 0x1ff) << 3)) &
897 env->a20_mask;
898 pml4e = ldq_phys(pml4e_addr);
899 if (!(pml4e & PG_PRESENT_MASK))
900 return -1;
901
3f2cbf0d
JK		 902 pdpe_addr = ((pml4e & ~0xfff & ~(PG_NX_MASK | PG_HI_USER_MASK)) +
903 (((addr >> 30) & 0x1ff) << 3)) & env->a20_mask;
eaa728ee
FB		 904 pdpe = ldq_phys(pdpe_addr);
905 if (!(pdpe & PG_PRESENT_MASK))
906 return -1;
907 } else
908#endif
909 {
910 pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
911 env->a20_mask;
912 pdpe = ldq_phys(pdpe_addr);
913 if (!(pdpe & PG_PRESENT_MASK))
914 return -1;
14ce26e7 915 }
14ce26e7 916
3f2cbf0d
JK		 917 pde_addr = ((pdpe & ~0xfff & ~(PG_NX_MASK | PG_HI_USER_MASK)) +
918 (((addr >> 21) & 0x1ff) << 3)) & env->a20_mask;
eaa728ee
FB		 919 pde = ldq_phys(pde_addr);
920 if (!(pde & PG_PRESENT_MASK)) {
921 return -1;
922 }
923 if (pde & PG_PSE_MASK) {
924 /* 2 MB page */
925 page_size = 2048 * 1024;
926 pte = pde & ~( (page_size - 1) & ~0xfff); /* align to page_size */
927 } else {
928 /* 4 KB page */
3f2cbf0d
JK		 929 pte_addr = ((pde & ~0xfff & ~(PG_NX_MASK | PG_HI_USER_MASK)) +
930 (((addr >> 12) & 0x1ff) << 3)) & env->a20_mask;
eaa728ee
FB		 931 page_size = 4096;
932 pte = ldq_phys(pte_addr);
933 }
3f2cbf0d 934 pte &= ~(PG_NX_MASK | PG_HI_USER_MASK);
ca1c9e15
AL		 935 if (!(pte & PG_PRESENT_MASK))
936 return -1;
14ce26e7 937 } else {
eaa728ee 938 uint32_t pde;
3b46e624 939
eaa728ee
FB		 940 if (!(env->cr[0] & CR0_PG_MASK)) {
941 pte = addr;
942 page_size = 4096;
943 } else {
944 /* page directory entry */
945 pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & env->a20_mask;
946 pde = ldl_phys(pde_addr);
947 if (!(pde & PG_PRESENT_MASK))
948 return -1;
949 if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
950 pte = pde & ~0x003ff000; /* align to 4MB */
951 page_size = 4096 * 1024;
952 } else {
953 /* page directory entry */
954 pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & env->a20_mask;
955 pte = ldl_phys(pte_addr);
956 if (!(pte & PG_PRESENT_MASK))
957 return -1;
958 page_size = 4096;
959 }
960 }
961 pte = pte & env->a20_mask;
14ce26e7 962 }
14ce26e7 963
eaa728ee
FB		 964 page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
965 paddr = (pte & TARGET_PAGE_MASK) + page_offset;
966 return paddr;
3b21e03e 967}
01df040b 968
317ac620 969void hw_breakpoint_insert(CPUX86State *env, int index)
01df040b 970{
1cc21a18 971 int type = 0, err = 0;
01df040b
AL		 972
973 switch (hw_breakpoint_type(env->dr[7], index)) {
428065ce 974 case DR7_TYPE_BP_INST:
5902564a 975 if (hw_breakpoint_enabled(env->dr[7], index)) {
01df040b
AL		 976 err = cpu_breakpoint_insert(env, env->dr[index], BP_CPU,
977 &env->cpu_breakpoint[index]);
5902564a 978 }
01df040b 979 break;
428065ce 980 case DR7_TYPE_DATA_WR:
01df040b 981 type = BP_CPU | BP_MEM_WRITE;
1cc21a18 982 break;
428065ce 983 case DR7_TYPE_IO_RW:
1cc21a18 984 /* No support for I/O watchpoints yet */
01df040b 985 break;
428065ce 986 case DR7_TYPE_DATA_RW:
01df040b 987 type = BP_CPU | BP_MEM_ACCESS;
1cc21a18 988 break;
989 }
990
991 if (type != 0) {
01df040b
AL		 992 err = cpu_watchpoint_insert(env, env->dr[index],
993 hw_breakpoint_len(env->dr[7], index),
994 type, &env->cpu_watchpoint[index]);
01df040b 995 }
1cc21a18 996
997 if (err) {
01df040b 998 env->cpu_breakpoint[index] = NULL;
1cc21a18 999 }
01df040b
AL		 1000}
1001
317ac620 1002void hw_breakpoint_remove(CPUX86State *env, int index)
01df040b
AL		 1003{
1004 if (!env->cpu_breakpoint[index])
1005 return;
1006 switch (hw_breakpoint_type(env->dr[7], index)) {
428065ce 1007 case DR7_TYPE_BP_INST:
5902564a 1008 if (hw_breakpoint_enabled(env->dr[7], index)) {
01df040b 1009 cpu_breakpoint_remove_by_ref(env, env->cpu_breakpoint[index]);
5902564a 1010 }
01df040b 1011 break;
428065ce 1012 case DR7_TYPE_DATA_WR:
1013 case DR7_TYPE_DATA_RW:
01df040b
AL		 1014 cpu_watchpoint_remove_by_ref(env, env->cpu_watchpoint[index]);
1015 break;
428065ce 1016 case DR7_TYPE_IO_RW:
01df040b
AL		 1017 /* No support for I/O watchpoints yet */
1018 break;
1019 }
1020}
1021
e175bce5 1022bool check_hw_breakpoints(CPUX86State *env, bool force_dr6_update)
01df040b
AL		 1023{
1024 target_ulong dr6;
e175bce5 1025 int reg;
1026 bool hit_enabled = false;
01df040b
AL		 1027
1028 dr6 = env->dr[6] & ~0xf;
428065ce 1029 for (reg = 0; reg < DR7_MAX_BP; reg++) {
e175bce5 1030 bool bp_match = false;
1031 bool wp_match = false;
1032
1033 switch (hw_breakpoint_type(env->dr[7], reg)) {
1034 case DR7_TYPE_BP_INST:
1035 if (env->dr[reg] == env->eip) {
1036 bp_match = true;
1037 }
1038 break;
1039 case DR7_TYPE_DATA_WR:
1040 case DR7_TYPE_DATA_RW:
1041 if (env->cpu_watchpoint[reg] &&
1042 env->cpu_watchpoint[reg]->flags & BP_WATCHPOINT_HIT) {
1043 wp_match = true;
1044 }
1045 break;
1046 case DR7_TYPE_IO_RW:
1047 break;
1048 }
1049 if (bp_match || wp_match) {
01df040b 1050 dr6 |= 1 << reg;
5902564a 1051 if (hw_breakpoint_enabled(env->dr[7], reg)) {
e175bce5 1052 hit_enabled = true;
5902564a 1053 }
01df040b
AL		 1054 }
1055 }
e175bce5 1056
1057 if (hit_enabled || force_dr6_update) {
01df040b 1058 env->dr[6] = dr6;
e175bce5 1059 }
1060
01df040b
AL		 1061 return hit_enabled;
1062}
1063
d65e9815 1064void breakpoint_handler(CPUX86State *env)
01df040b
AL		 1065{
1066 CPUBreakpoint *bp;
1067
1068 if (env->watchpoint_hit) {
1069 if (env->watchpoint_hit->flags & BP_CPU) {
1070 env->watchpoint_hit = NULL;
e175bce5 1071 if (check_hw_breakpoints(env, false)) {
77b2bc2c 1072 raise_exception(env, EXCP01_DB);
e175bce5 1073 } else {
01df040b 1074 cpu_resume_from_signal(env, NULL);
e175bce5 1075 }
01df040b
AL		 1076 }
1077 } else {
72cf2d4f 1078 QTAILQ_FOREACH(bp, &env->breakpoints, entry)
01df040b
AL		 1079 if (bp->pc == env->eip) {
1080 if (bp->flags & BP_CPU) {
e175bce5 1081 check_hw_breakpoints(env, true);
77b2bc2c 1082 raise_exception(env, EXCP01_DB);
01df040b
AL		 1083 }
1084 break;
1085 }
1086 }
01df040b 1087}
79c4f6b0 1088
d5bfda33
JK		 1089typedef struct MCEInjectionParams {
1090 Monitor *mon;
55e5c285 1091 X86CPU *cpu;
d5bfda33
JK		 1092 int bank;
1093 uint64_t status;
1094 uint64_t mcg_status;
1095 uint64_t addr;
1096 uint64_t misc;
1097 int flags;
1098} MCEInjectionParams;
1099
1100static void do_inject_x86_mce(void *data)
79c4f6b0 1101{
d5bfda33 1102 MCEInjectionParams *params = data;
55e5c285
AF		 1103 CPUX86State *cenv = &params->cpu->env;
1104 CPUState *cpu = CPU(params->cpu);
d5bfda33
JK		 1105 uint64_t *banks = cenv->mce_banks + 4 * params->bank;
1106
1107 cpu_synchronize_state(cenv);
316378e4 1108
747461c7
JK		 1109 /*
1110 * If there is an MCE exception being processed, ignore this SRAO MCE
1111 * unless unconditional injection was requested.
1112 */
d5bfda33
JK		 1113 if (!(params->flags & MCE_INJECT_UNCOND_AO)
1114 && !(params->status & MCI_STATUS_AR)
747461c7
JK		 1115 && (cenv->mcg_status & MCG_STATUS_MCIP)) {
1116 return;
1117 }
d5bfda33
JK		 1118
1119 if (params->status & MCI_STATUS_UC) {
316378e4
JK		 1120 /*
1121 * if MSR_MCG_CTL is not all 1s, the uncorrected error
1122 * reporting is disabled
1123 */
d5bfda33
JK		 1124 if ((cenv->mcg_cap & MCG_CTL_P) && cenv->mcg_ctl != ~(uint64_t)0) {
1125 monitor_printf(params->mon,
316378e4 1126 "CPU %d: Uncorrected error reporting disabled\n",
55e5c285 1127 cpu->cpu_index);
316378e4
JK		 1128 return;
1129 }
1130
1131 /*
1132 * if MSR_MCi_CTL is not all 1s, the uncorrected error
1133 * reporting is disabled for the bank
1134 */
1135 if (banks[0] != ~(uint64_t)0) {
d5bfda33
JK		 1136 monitor_printf(params->mon,
1137 "CPU %d: Uncorrected error reporting disabled for"
1138 " bank %d\n",
55e5c285 1139 cpu->cpu_index, params->bank);
316378e4
JK		 1140 return;
1141 }
1142
79c4f6b0
HY		 1143 if ((cenv->mcg_status & MCG_STATUS_MCIP) ||
1144 !(cenv->cr[4] & CR4_MCE_MASK)) {
d5bfda33
JK		 1145 monitor_printf(params->mon,
1146 "CPU %d: Previous MCE still in progress, raising"
1147 " triple fault\n",
55e5c285 1148 cpu->cpu_index);
79c4f6b0
HY		 1149 qemu_log_mask(CPU_LOG_RESET, "Triple fault\n");
1150 qemu_system_reset_request();
1151 return;
1152 }
2fa11da0 1153 if (banks[1] & MCI_STATUS_VAL) {
d5bfda33 1154 params->status |= MCI_STATUS_OVER;
2fa11da0 1155 }
d5bfda33
JK		 1156 banks[2] = params->addr;
1157 banks[3] = params->misc;
1158 cenv->mcg_status = params->mcg_status;
1159 banks[1] = params->status;
79c4f6b0
HY		 1160 cpu_interrupt(cenv, CPU_INTERRUPT_MCE);
1161 } else if (!(banks[1] & MCI_STATUS_VAL)
1162 || !(banks[1] & MCI_STATUS_UC)) {
2fa11da0 1163 if (banks[1] & MCI_STATUS_VAL) {
d5bfda33 1164 params->status |= MCI_STATUS_OVER;
2fa11da0 1165 }
d5bfda33
JK		 1166 banks[2] = params->addr;
1167 banks[3] = params->misc;
1168 banks[1] = params->status;
2fa11da0 1169 } else {
79c4f6b0 1170 banks[1] |= MCI_STATUS_OVER;
2fa11da0 1171 }
79c4f6b0 1172}
b3cd24e0 1173
8c5cf3b6 1174void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
316378e4 1175 uint64_t status, uint64_t mcg_status, uint64_t addr,
747461c7 1176 uint64_t misc, int flags)
b3cd24e0 1177{
8c5cf3b6 1178 CPUX86State *cenv = &cpu->env;
d5bfda33
JK		 1179 MCEInjectionParams params = {
1180 .mon = mon,
55e5c285 1181 .cpu = cpu,
d5bfda33
JK		 1182 .bank = bank,
1183 .status = status,
1184 .mcg_status = mcg_status,
1185 .addr = addr,
1186 .misc = misc,
1187 .flags = flags,
1188 };
b3cd24e0 1189 unsigned bank_num = cenv->mcg_cap & 0xff;
317ac620 1190 CPUX86State *env;
b3cd24e0 1191
316378e4
JK		 1192 if (!cenv->mcg_cap) {
1193 monitor_printf(mon, "MCE injection not supported\n");
b3cd24e0
JD		 1194 return;
1195 }
316378e4
JK		 1196 if (bank >= bank_num) {
1197 monitor_printf(mon, "Invalid MCE bank number\n");
1198 return;
1199 }
1200 if (!(status & MCI_STATUS_VAL)) {
1201 monitor_printf(mon, "Invalid MCE status code\n");
1202 return;
1203 }
747461c7
JK		 1204 if ((flags & MCE_INJECT_BROADCAST)
1205 && !cpu_x86_support_mca_broadcast(cenv)) {
316378e4
JK		 1206 monitor_printf(mon, "Guest CPU does not support MCA broadcast\n");
1207 return;
2bd3e04c
JD		 1208 }
1209
f100f0b3 1210 run_on_cpu(CPU(cpu), do_inject_x86_mce, &params);
c34d440a
JK		 1211 if (flags & MCE_INJECT_BROADCAST) {
1212 params.bank = 1;
1213 params.status = MCI_STATUS_VAL | MCI_STATUS_UC;
1214 params.mcg_status = MCG_STATUS_MCIP | MCG_STATUS_RIPV;
1215 params.addr = 0;
1216 params.misc = 0;
1217 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1218 if (cenv == env) {
1219 continue;
31ce5e0c 1220 }
55e5c285 1221 params.cpu = x86_env_get_cpu(env);
f100f0b3 1222 run_on_cpu(CPU(cpu), do_inject_x86_mce, &params);
31ce5e0c 1223 }
b3cd24e0
JD		 1224 }
1225}
d362e757 1226
317ac620 1227void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
d362e757 1228{
d362e757
JK		 1229 if (kvm_enabled()) {
1230 env->tpr_access_type = access;
1231
1232 cpu_interrupt(env, CPU_INTERRUPT_TPR);
1233 } else {
a8a826a3 1234 cpu_restore_state(env, env->mem_io_pc);
d362e757
JK		 1235
1236 apic_handle_tpr_access_report(env->apic_state, env->eip, access);
1237 }
1238}
74ce674f 1239#endif /* !CONFIG_USER_ONLY */
6fd805e1 1240
84273177
JK		 1241int cpu_x86_get_descr_debug(CPUX86State *env, unsigned int selector,
1242 target_ulong *base, unsigned int *limit,
1243 unsigned int *flags)
1244{
1245 SegmentCache *dt;
1246 target_ulong ptr;
1247 uint32_t e1, e2;
1248 int index;
1249
1250 if (selector & 0x4)
1251 dt = &env->ldt;
1252 else
1253 dt = &env->gdt;
1254 index = selector & ~7;
1255 ptr = dt->base + index;
1256 if ((index + 7) > dt->limit
1257 || cpu_memory_rw_debug(env, ptr, (uint8_t *)&e1, sizeof(e1), 0) != 0
1258 || cpu_memory_rw_debug(env, ptr+4, (uint8_t *)&e2, sizeof(e2), 0) != 0)
1259 return 0;
1260
1261 *base = ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
1262 *limit = (e1 & 0xffff) | (e2 & 0x000f0000);
1263 if (e2 & DESC_G_MASK)
1264 *limit = (*limit << 12) | 0xfff;
1265 *flags = e2;
1266
1267 return 1;
1268}
1269
b47ed996 1270X86CPU *cpu_x86_init(const char *cpu_model)
01df040b 1271{
5fd2087a 1272 X86CPU *cpu;
01df040b 1273 CPUX86State *env;
ff287bbd 1274 Error *error = NULL;
01df040b 1275
5fd2087a
AF		 1276 cpu = X86_CPU(object_new(TYPE_X86_CPU));
1277 env = &cpu->env;
01df040b
AL		 1278 env->cpu_model_str = cpu_model;
1279
61dcd775 1280 if (cpu_x86_register(cpu, cpu_model) < 0) {
5c099537 1281 object_unref(OBJECT(cpu));
01df040b
AL		 1282 return NULL;
1283 }
0bf46a40 1284
ff287bbd
IM		 1285 x86_cpu_realize(OBJECT(cpu), &error);
1286 if (error) {
1287 error_free(error);
5c099537 1288 object_unref(OBJECT(cpu));
ff287bbd
IM		 1289 return NULL;
1290 }
b47ed996 1291 return cpu;
01df040b 1292}
b09ea7d5
GN		 1293
1294#if !defined(CONFIG_USER_ONLY)
232fc23b 1295void do_cpu_init(X86CPU *cpu)
b09ea7d5 1296{
232fc23b 1297 CPUX86State *env = &cpu->env;
b09ea7d5 1298 int sipi = env->interrupt_request & CPU_INTERRUPT_SIPI;
ebda377f
JK		 1299 uint64_t pat = env->pat;
1300
232fc23b 1301 cpu_reset(CPU(cpu));
b09ea7d5 1302 env->interrupt_request = sipi;
ebda377f 1303 env->pat = pat;
4a942cea 1304 apic_init_reset(env->apic_state);
b09ea7d5
GN		 1305}
1306
232fc23b 1307void do_cpu_sipi(X86CPU *cpu)
b09ea7d5 1308{
232fc23b
AF		 1309 CPUX86State *env = &cpu->env;
1310
4a942cea 1311 apic_sipi(env->apic_state);
b09ea7d5
GN		 1312}
1313#else
232fc23b 1314void do_cpu_init(X86CPU *cpu)
b09ea7d5
GN		 1315{
1316}
232fc23b 1317void do_cpu_sipi(X86CPU *cpu)
b09ea7d5
GN		 1318{
1319}
1320#endif
Qemu copy for testing