direct-io.hg

view xen/arch/x86/hvm/platform.c @ 11077:4852b556d912

[HVM] More info when failing to emulate instruction group 1.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Mon Aug 14 11:18:37 2006 +0100 (2006-08-14)
parents dc7b56b8cfb5
children 0f917d63e960
line source
1 /*
2 * platform.c: handling x86 platform related MMIO instructions
3 *
4 * Copyright (c) 2004, Intel Corporation.
5 * Copyright (c) 2005, International Business Machines Corporation.
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms and conditions of the GNU General Public License,
9 * version 2, as published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
18 * Place - Suite 330, Boston, MA 02111-1307 USA.
19 */
21 #include <xen/config.h>
22 #include <xen/types.h>
23 #include <xen/mm.h>
24 #include <asm/shadow.h>
25 #include <xen/domain_page.h>
26 #include <asm/page.h>
27 #include <xen/event.h>
28 #include <xen/trace.h>
29 #include <xen/sched.h>
30 #include <asm/regs.h>
31 #include <asm/hvm/hvm.h>
32 #include <asm/hvm/support.h>
33 #include <public/hvm/ioreq.h>
35 #include <xen/lib.h>
36 #include <xen/sched.h>
37 #include <asm/current.h>
38 #if CONFIG_PAGING_LEVELS >= 3
39 #include <asm/shadow_64.h>
40 #endif
42 #define DECODE_success 1
43 #define DECODE_failure 0
45 #if defined (__x86_64__)
46 static inline long __get_reg_value(unsigned long reg, int size)
47 {
48 switch(size) {
49 case BYTE_64:
50 return (char)(reg & 0xFF);
51 case WORD:
52 return (short)(reg & 0xFFFF);
53 case LONG:
54 return (int)(reg & 0xFFFFFFFF);
55 case QUAD:
56 return (long)(reg);
57 default:
58 printf("Error: (__get_reg_value) Invalid reg size\n");
59 domain_crash_synchronous();
60 }
61 }
63 long get_reg_value(int size, int index, int seg, struct cpu_user_regs *regs)
64 {
65 if (size == BYTE) {
66 switch (index) {
67 case 0: /* %al */
68 return (char)(regs->rax & 0xFF);
69 case 1: /* %cl */
70 return (char)(regs->rcx & 0xFF);
71 case 2: /* %dl */
72 return (char)(regs->rdx & 0xFF);
73 case 3: /* %bl */
74 return (char)(regs->rbx & 0xFF);
75 case 4: /* %ah */
76 return (char)((regs->rax & 0xFF00) >> 8);
77 case 5: /* %ch */
78 return (char)((regs->rcx & 0xFF00) >> 8);
79 case 6: /* %dh */
80 return (char)((regs->rdx & 0xFF00) >> 8);
81 case 7: /* %bh */
82 return (char)((regs->rbx & 0xFF00) >> 8);
83 default:
84 printf("Error: (get_reg_value) Invalid index value\n");
85 domain_crash_synchronous();
86 }
87 /* NOTREACHED */
88 }
90 switch (index) {
91 case 0: return __get_reg_value(regs->rax, size);
92 case 1: return __get_reg_value(regs->rcx, size);
93 case 2: return __get_reg_value(regs->rdx, size);
94 case 3: return __get_reg_value(regs->rbx, size);
95 case 4: return __get_reg_value(regs->rsp, size);
96 case 5: return __get_reg_value(regs->rbp, size);
97 case 6: return __get_reg_value(regs->rsi, size);
98 case 7: return __get_reg_value(regs->rdi, size);
99 case 8: return __get_reg_value(regs->r8, size);
100 case 9: return __get_reg_value(regs->r9, size);
101 case 10: return __get_reg_value(regs->r10, size);
102 case 11: return __get_reg_value(regs->r11, size);
103 case 12: return __get_reg_value(regs->r12, size);
104 case 13: return __get_reg_value(regs->r13, size);
105 case 14: return __get_reg_value(regs->r14, size);
106 case 15: return __get_reg_value(regs->r15, size);
107 default:
108 printf("Error: (get_reg_value) Invalid index value\n");
109 domain_crash_synchronous();
110 }
111 }
112 #elif defined (__i386__)
113 static inline long __get_reg_value(unsigned long reg, int size)
114 {
115 switch(size) {
116 case WORD:
117 return (short)(reg & 0xFFFF);
118 case LONG:
119 return (int)(reg & 0xFFFFFFFF);
120 default:
121 printf("Error: (__get_reg_value) Invalid reg size\n");
122 domain_crash_synchronous();
123 }
124 }
126 long get_reg_value(int size, int index, int seg, struct cpu_user_regs *regs)
127 {
128 if (size == BYTE) {
129 switch (index) {
130 case 0: /* %al */
131 return (char)(regs->eax & 0xFF);
132 case 1: /* %cl */
133 return (char)(regs->ecx & 0xFF);
134 case 2: /* %dl */
135 return (char)(regs->edx & 0xFF);
136 case 3: /* %bl */
137 return (char)(regs->ebx & 0xFF);
138 case 4: /* %ah */
139 return (char)((regs->eax & 0xFF00) >> 8);
140 case 5: /* %ch */
141 return (char)((regs->ecx & 0xFF00) >> 8);
142 case 6: /* %dh */
143 return (char)((regs->edx & 0xFF00) >> 8);
144 case 7: /* %bh */
145 return (char)((regs->ebx & 0xFF00) >> 8);
146 default:
147 printf("Error: (get_reg_value) Invalid index value\n");
148 domain_crash_synchronous();
149 }
150 }
152 switch (index) {
153 case 0: return __get_reg_value(regs->eax, size);
154 case 1: return __get_reg_value(regs->ecx, size);
155 case 2: return __get_reg_value(regs->edx, size);
156 case 3: return __get_reg_value(regs->ebx, size);
157 case 4: return __get_reg_value(regs->esp, size);
158 case 5: return __get_reg_value(regs->ebp, size);
159 case 6: return __get_reg_value(regs->esi, size);
160 case 7: return __get_reg_value(regs->edi, size);
161 default:
162 printf("Error: (get_reg_value) Invalid index value\n");
163 domain_crash_synchronous();
164 }
165 }
166 #endif
168 static inline unsigned char *check_prefix(unsigned char *inst,
169 struct instruction *thread_inst, unsigned char *rex_p)
170 {
171 while (1) {
172 switch (*inst) {
173 /* rex prefix for em64t instructions */
174 case 0x40 ... 0x4e:
175 *rex_p = *inst;
176 break;
177 case 0xf3: /* REPZ */
178 thread_inst->flags = REPZ;
179 break;
180 case 0xf2: /* REPNZ */
181 thread_inst->flags = REPNZ;
182 break;
183 case 0xf0: /* LOCK */
184 break;
185 case 0x2e: /* CS */
186 case 0x36: /* SS */
187 case 0x3e: /* DS */
188 case 0x26: /* ES */
189 case 0x64: /* FS */
190 case 0x65: /* GS */
191 thread_inst->seg_sel = *inst;
192 break;
193 case 0x66: /* 32bit->16bit */
194 thread_inst->op_size = WORD;
195 break;
196 case 0x67:
197 break;
198 default:
199 return inst;
200 }
201 inst++;
202 }
203 }
205 static inline unsigned long get_immediate(int op16,const unsigned char *inst, int op_size)
206 {
207 int mod, reg, rm;
208 unsigned long val = 0;
209 int i;
211 mod = (*inst >> 6) & 3;
212 reg = (*inst >> 3) & 7;
213 rm = *inst & 7;
215 inst++; //skip ModR/M byte
216 if (mod != 3 && rm == 4) {
217 inst++; //skip SIB byte
218 }
220 switch(mod) {
221 case 0:
222 if (rm == 5 || rm == 4) {
223 if (op16)
224 inst = inst + 2; //disp16, skip 2 bytes
225 else
226 inst = inst + 4; //disp32, skip 4 bytes
227 }
228 break;
229 case 1:
230 inst++; //disp8, skip 1 byte
231 break;
232 case 2:
233 if (op16)
234 inst = inst + 2; //disp16, skip 2 bytes
235 else
236 inst = inst + 4; //disp32, skip 4 bytes
237 break;
238 }
240 if (op_size == QUAD)
241 op_size = LONG;
243 for (i = 0; i < op_size; i++) {
244 val |= (*inst++ & 0xff) << (8 * i);
245 }
247 return val;
248 }
/*
 * Return the (REX-extended) register number of the register operand
 * encoded by the ModR/M byte at *inst.
 *
 * Only one operand of the instructions we decode is a register: for
 * register-direct forms (mod == 3) it lives in the r/m field (extended
 * by REX.B), otherwise in the reg field (extended by REX.R).
 *
 * Fix: removed the unreachable 'return 0;' after the if/else, both
 * arms of which return.
 */
static inline int get_index(const unsigned char *inst, unsigned char rex)
{
    int mod, reg, rm;
    int rex_r, rex_b;

    mod = (*inst >> 6) & 3;
    reg = (*inst >> 3) & 7;
    rm = *inst & 7;

    rex_r = (rex >> 2) & 1;
    rex_b = rex & 1;

    /* Only one operand in the instruction is a register. */
    if (mod == 3)
        return rm + (rex_b << 3);   /* register-direct: operand in r/m */

    return reg + (rex_r << 3);      /* memory form: operand in reg */
}
271 static void init_instruction(struct instruction *mmio_inst)
272 {
273 mmio_inst->instr = 0;
274 mmio_inst->op_size = 0;
275 mmio_inst->immediate = 0;
276 mmio_inst->seg_sel = 0;
278 mmio_inst->operand[0] = 0;
279 mmio_inst->operand[1] = 0;
281 mmio_inst->flags = 0;
282 }
/*
 * Pick the size tag for a byte-sized operand.  Relies on a local
 * variable named 'rex' being in scope at the expansion site: with a
 * REX prefix the byte registers are the 64-bit set (BYTE_64), without
 * one they are the legacy set (BYTE).
 */
284 #define GET_OP_SIZE_FOR_BYTE(op_size) \
285 do { \
286 if (rex) \
287 op_size = BYTE_64; \
288 else \
289 op_size = BYTE; \
290 } while(0)
/*
 * Pick the size tag for a non-byte operand.  Also relies on a local
 * 'rex' in scope: REX.W (bit 3) forces QUAD; otherwise a pre-set WORD
 * (from a 0x66 prefix) is kept and anything else becomes LONG.
 */
292 #define GET_OP_SIZE_FOR_NONEBYTE(op_size) \
293 do { \
294 if (rex & 0x8) \
295 op_size = QUAD; \
296 else if (op_size != WORD) \
297 op_size = LONG; \
298 } while(0)
301 /*
302 * Decode mem,accumulator operands (as in <opcode> m8/m16/m32, al,ax,eax)
303 */
304 static int mem_acc(unsigned char size, struct instruction *instr)
305 {
306 instr->operand[0] = mk_operand(size, 0, 0, MEMORY);
307 instr->operand[1] = mk_operand(size, 0, 0, REGISTER);
308 return DECODE_success;
309 }
311 /*
312 * Decode accumulator,mem operands (as in <opcode> al,ax,eax, m8/m16/m32)
313 */
314 static int acc_mem(unsigned char size, struct instruction *instr)
315 {
316 instr->operand[0] = mk_operand(size, 0, 0, REGISTER);
317 instr->operand[1] = mk_operand(size, 0, 0, MEMORY);
318 return DECODE_success;
319 }
321 /*
322 * Decode mem,reg operands (as in <opcode> r32/16, m32/16)
323 */
324 static int mem_reg(unsigned char size, unsigned char *opcode,
325 struct instruction *instr, unsigned char rex)
326 {
327 int index = get_index(opcode + 1, rex);
329 instr->operand[0] = mk_operand(size, 0, 0, MEMORY);
330 instr->operand[1] = mk_operand(size, index, 0, REGISTER);
331 return DECODE_success;
332 }
334 /*
335 * Decode reg,mem operands (as in <opcode> m32/16, r32/16)
336 */
337 static int reg_mem(unsigned char size, unsigned char *opcode,
338 struct instruction *instr, unsigned char rex)
339 {
340 int index = get_index(opcode + 1, rex);
342 instr->operand[0] = mk_operand(size, index, 0, REGISTER);
343 instr->operand[1] = mk_operand(size, 0, 0, MEMORY);
344 return DECODE_success;
345 }
/*
 * Decode the MMIO-faulting instruction at 'opcode' into *instr.
 *
 * realmode - non-zero when the guest is in real mode, where the 0x66
 *            operand-size prefix has the reverse meaning (default is
 *            16-bit, prefix selects 32-bit).
 * opcode   - instruction bytes (prefixes included).
 * instr    - decoded result: operation, operand size, operands and
 *            any immediate.
 *
 * Returns DECODE_success or DECODE_failure.  The GET_OP_SIZE_* macros
 * below expand against the local 'rex' captured by check_prefix().
 */
347 static int hvm_decode(int realmode, unsigned char *opcode, struct instruction *instr)
348 {
349 unsigned char size_reg = 0;
350 unsigned char rex = 0;
351 int index;
353 init_instruction(instr);
355 opcode = check_prefix(opcode, instr, &rex);
/* In real mode a 0x66 prefix toggles the other way; default is WORD. */
357 if (realmode) { /* meaning is reversed */
358 if (instr->op_size == WORD)
359 instr->op_size = LONG;
360 else if (instr->op_size == LONG)
361 instr->op_size = WORD;
362 else if (instr->op_size == 0)
363 instr->op_size = WORD;
364 }
/* Primary one-byte opcode dispatch; 0x0F escapes to the second switch. */
366 switch (*opcode) {
367 case 0x0A: /* or r8, m8 */
368 instr->instr = INSTR_OR;
369 instr->op_size = BYTE;
370 GET_OP_SIZE_FOR_BYTE(size_reg);
371 return mem_reg(size_reg, opcode, instr, rex);
373 case 0x0B: /* or m32/16, r32/16 */
374 instr->instr = INSTR_OR;
375 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
376 return mem_reg(instr->op_size, opcode, instr, rex);
378 case 0x20: /* and r8, m8 */
379 instr->instr = INSTR_AND;
380 instr->op_size = BYTE;
381 GET_OP_SIZE_FOR_BYTE(size_reg);
382 return reg_mem(size_reg, opcode, instr, rex);
384 case 0x21: /* and r32/16, m32/16 */
385 instr->instr = INSTR_AND;
386 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
387 return reg_mem(instr->op_size, opcode, instr, rex);
389 case 0x22: /* and m8, r8 */
390 instr->instr = INSTR_AND;
391 instr->op_size = BYTE;
392 GET_OP_SIZE_FOR_BYTE(size_reg);
393 return mem_reg(size_reg, opcode, instr, rex);
395 case 0x23: /* and m32/16, r32/16 */
396 instr->instr = INSTR_AND;
397 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
398 return mem_reg(instr->op_size, opcode, instr, rex);
400 case 0x30: /* xor r8, m8 */
401 instr->instr = INSTR_XOR;
402 instr->op_size = BYTE;
403 GET_OP_SIZE_FOR_BYTE(size_reg);
404 return reg_mem(size_reg, opcode, instr, rex);
406 case 0x31: /* xor r32/16, m32/16 */
407 instr->instr = INSTR_XOR;
408 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
409 return reg_mem(instr->op_size, opcode, instr, rex);
411 case 0x32: /* xor m8, r8*/
412 instr->instr = INSTR_XOR;
413 instr->op_size = BYTE;
414 GET_OP_SIZE_FOR_BYTE(size_reg);
415 return mem_reg(size_reg, opcode, instr, rex);
417 case 0x39: /* cmp r32/16, m32/16 */
418 instr->instr = INSTR_CMP;
419 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
420 return reg_mem(instr->op_size, opcode, instr, rex);
422 case 0x3B: /* cmp m32/16, r32/16 */
423 instr->instr = INSTR_CMP;
424 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
425 return mem_reg(instr->op_size, opcode, instr, rex);
/* Group-1 immediate forms: sub-opcode lives in ModR/M reg field. */
427 case 0x80:
428 case 0x81:
429 case 0x83:
430 {
431 unsigned char ins_subtype = (opcode[1] >> 3) & 7;
433 if (opcode[0] == 0x80) {
434 GET_OP_SIZE_FOR_BYTE(size_reg);
435 instr->op_size = BYTE;
436 } else if (opcode[0] == 0x81) {
437 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
438 size_reg = instr->op_size;
439 } else if (opcode[0] == 0x83) {
440 GET_OP_SIZE_FOR_NONEBYTE(size_reg);
441 instr->op_size = size_reg;
442 }
444 /* opcode 0x83 always has a single byte operand */
445 if (opcode[0] == 0x83)
446 instr->immediate =
447 (signed char)get_immediate(realmode, opcode+1, BYTE);
448 else
449 instr->immediate =
450 get_immediate(realmode, opcode+1, instr->op_size);
452 instr->operand[0] = mk_operand(size_reg, 0, 0, IMMEDIATE);
453 instr->operand[1] = mk_operand(size_reg, 0, 0, MEMORY);
455 switch (ins_subtype) {
456 case 7: /* cmp $imm, m32/16 */
457 instr->instr = INSTR_CMP;
458 return DECODE_success;
460 case 1: /* or $imm, m32/16 */
461 instr->instr = INSTR_OR;
462 return DECODE_success;
464 default:
465 printf("%x/%x, This opcode isn't handled yet!\n",
466 *opcode, ins_subtype);
467 return DECODE_failure;
468 }
469 }
471 case 0x84: /* test m8, r8 */
472 instr->instr = INSTR_TEST;
473 instr->op_size = BYTE;
474 GET_OP_SIZE_FOR_BYTE(size_reg);
475 return mem_reg(size_reg, opcode, instr, rex);
477 case 0x87: /* xchg {r/m16|r/m32}, {m/r16|m/r32} */
478 instr->instr = INSTR_XCHG;
479 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
480 if (((*(opcode+1)) & 0xc7) == 5)
481 return reg_mem(instr->op_size, opcode, instr, rex);
482 else
483 return mem_reg(instr->op_size, opcode, instr, rex);
485 case 0x88: /* mov r8, m8 */
486 instr->instr = INSTR_MOV;
487 instr->op_size = BYTE;
488 GET_OP_SIZE_FOR_BYTE(size_reg);
489 return reg_mem(size_reg, opcode, instr, rex);
491 case 0x89: /* mov r32/16, m32/16 */
492 instr->instr = INSTR_MOV;
493 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
494 return reg_mem(instr->op_size, opcode, instr, rex);
496 case 0x8A: /* mov m8, r8 */
497 instr->instr = INSTR_MOV;
498 instr->op_size = BYTE;
499 GET_OP_SIZE_FOR_BYTE(size_reg);
500 return mem_reg(size_reg, opcode, instr, rex);
502 case 0x8B: /* mov m32/16, r32/16 */
503 instr->instr = INSTR_MOV;
504 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
505 return mem_reg(instr->op_size, opcode, instr, rex);
507 case 0xA0: /* mov <addr>, al */
508 instr->instr = INSTR_MOV;
509 instr->op_size = BYTE;
510 GET_OP_SIZE_FOR_BYTE(size_reg);
511 return mem_acc(size_reg, instr);
513 case 0xA1: /* mov <addr>, ax/eax */
514 instr->instr = INSTR_MOV;
515 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
516 return mem_acc(instr->op_size, instr);
518 case 0xA2: /* mov al, <addr> */
519 instr->instr = INSTR_MOV;
520 instr->op_size = BYTE;
521 GET_OP_SIZE_FOR_BYTE(size_reg);
522 return acc_mem(size_reg, instr);
524 case 0xA3: /* mov ax/eax, <addr> */
525 instr->instr = INSTR_MOV;
526 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
527 return acc_mem(instr->op_size, instr);
529 case 0xA4: /* movsb */
530 instr->instr = INSTR_MOVS;
531 instr->op_size = BYTE;
532 return DECODE_success;
534 case 0xA5: /* movsw/movsl */
535 instr->instr = INSTR_MOVS;
536 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
537 return DECODE_success;
539 case 0xAA: /* stosb */
540 instr->instr = INSTR_STOS;
541 instr->op_size = BYTE;
542 return DECODE_success;
544 case 0xAB: /* stosw/stosl */
545 instr->instr = INSTR_STOS;
546 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
547 return DECODE_success;
549 case 0xAC: /* lodsb */
550 instr->instr = INSTR_LODS;
551 instr->op_size = BYTE;
552 return DECODE_success;
554 case 0xAD: /* lodsw/lodsl */
555 instr->instr = INSTR_LODS;
556 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
557 return DECODE_success;
559 case 0xC6:
560 if (((opcode[1] >> 3) & 7) == 0) { /* mov $imm8, m8 */
561 instr->instr = INSTR_MOV;
562 instr->op_size = BYTE;
564 instr->operand[0] = mk_operand(instr->op_size, 0, 0, IMMEDIATE);
565 instr->immediate = get_immediate(realmode, opcode+1, instr->op_size);
566 instr->operand[1] = mk_operand(instr->op_size, 0, 0, MEMORY);
568 return DECODE_success;
569 } else
570 return DECODE_failure;
572 case 0xC7:
573 if (((opcode[1] >> 3) & 7) == 0) { /* mov $imm16/32, m16/32 */
574 instr->instr = INSTR_MOV;
575 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
577 instr->operand[0] = mk_operand(instr->op_size, 0, 0, IMMEDIATE);
578 instr->immediate = get_immediate(realmode, opcode+1, instr->op_size);
579 instr->operand[1] = mk_operand(instr->op_size, 0, 0, MEMORY);
581 return DECODE_success;
582 } else
583 return DECODE_failure;
585 case 0xF6:
586 case 0xF7:
587 if (((opcode[1] >> 3) & 7) == 0) { /* test $imm8/16/32, m8/16/32 */
588 instr->instr = INSTR_TEST;
590 if (opcode[0] == 0xF6) {
591 GET_OP_SIZE_FOR_BYTE(size_reg);
592 instr->op_size = BYTE;
593 } else {
594 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
595 size_reg = instr->op_size;
596 }
598 instr->operand[0] = mk_operand(size_reg, 0, 0, IMMEDIATE);
599 instr->immediate = get_immediate(realmode, opcode+1, instr->op_size);
600 instr->operand[1] = mk_operand(size_reg, 0, 0, MEMORY);
602 return DECODE_success;
603 } else
604 return DECODE_failure;
606 case 0x0F:
607 break;
609 default:
610 printf("%x, This opcode isn't handled yet!\n", *opcode);
611 return DECODE_failure;
612 }
/* Two-byte (0x0F-prefixed) opcode dispatch. */
614 switch (*++opcode) {
615 case 0xB6: /* movzx m8, r16/r32/r64 */
616 instr->instr = INSTR_MOVZX;
617 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
618 index = get_index(opcode + 1, rex);
619 instr->operand[0] = mk_operand(BYTE, 0, 0, MEMORY);
620 instr->operand[1] = mk_operand(instr->op_size, index, 0, REGISTER);
621 return DECODE_success;
623 case 0xB7: /* movzx m16/m32, r32/r64 */
624 instr->instr = INSTR_MOVZX;
625 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
626 index = get_index(opcode + 1, rex);
627 if (rex & 0x8)
628 instr->operand[0] = mk_operand(LONG, 0, 0, MEMORY);
629 else
630 instr->operand[0] = mk_operand(WORD, 0, 0, MEMORY);
631 instr->operand[1] = mk_operand(instr->op_size, index, 0, REGISTER);
632 return DECODE_success;
634 case 0xBE: /* movsx m8, r16/r32/r64 */
635 instr->instr = INSTR_MOVSX;
636 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
637 index = get_index(opcode + 1, rex);
638 instr->operand[0] = mk_operand(BYTE, 0, 0, MEMORY);
639 instr->operand[1] = mk_operand(instr->op_size, index, 0, REGISTER);
640 return DECODE_success;
642 case 0xBF: /* movsx m16, r32/r64 */
643 instr->instr = INSTR_MOVSX;
644 GET_OP_SIZE_FOR_NONEBYTE(instr->op_size);
645 index = get_index(opcode + 1, rex);
646 instr->operand[0] = mk_operand(WORD, 0, 0, MEMORY);
647 instr->operand[1] = mk_operand(instr->op_size, index, 0, REGISTER);
648 return DECODE_success;
650 case 0xA3: /* bt r32, m32 */
651 instr->instr = INSTR_BT;
652 index = get_index(opcode + 1, rex);
653 instr->op_size = LONG;
654 instr->operand[0] = mk_operand(instr->op_size, index, 0, REGISTER);
655 instr->operand[1] = mk_operand(instr->op_size, 0, 0, MEMORY);
656 return DECODE_success;
658 default:
659 printf("0f %x, This opcode isn't handled yet\n", *opcode);
660 return DECODE_failure;
661 }
662 }
664 int inst_copy_from_guest(unsigned char *buf, unsigned long guest_eip, int inst_len)
665 {
666 if (inst_len > MAX_INST_LEN || inst_len <= 0)
667 return 0;
668 if (!hvm_copy(buf, guest_eip, inst_len, HVM_COPY_IN))
669 return 0;
670 return inst_len;
671 }
/*
 * Hand the vcpu's pending ioreq to the device model by marking it
 * READY and kicking the event channel.  The request fields must
 * already be filled in by the caller.
 */
673 static void hvm_send_assist_req(struct vcpu *v)
674 {
675 ioreq_t *p;
677 p = &get_vio(v->domain, v->vcpu_id)->vp_ioreq;
678 if ( unlikely(p->state != STATE_INVALID) ) {
679 /* This indicates a bug in the device model. Crash the
680 domain. */
681 printf("Device model set bad IO state %d.\n", p->state);
682 domain_crash(v->domain);
683 return;
684 }
/* Publish the request body before the state change becomes visible. */
685 wmb();
686 p->state = STATE_IOREQ_READY;
687 notify_via_xen_event_channel(v->arch.hvm_vcpu.xen_port);
688 }
691 /* Wake up a vcpu which is waiting for interrupts to come in */
692 void hvm_prod_vcpu(struct vcpu *v)
693 {
694 vcpu_unblock(v);
695 }
/*
 * Build a port-I/O ioreq from the given parameters and dispatch it:
 * first to any internal port intercept, otherwise to the device model.
 * 'pvalid' indicates 'value' is a guest address of the data rather
 * than the data itself.
 */
697 void send_pio_req(struct cpu_user_regs *regs, unsigned long port,
698 unsigned long count, int size, long value, int dir, int pvalid)
699 {
700 struct vcpu *v = current;
701 vcpu_iodata_t *vio;
702 ioreq_t *p;
704 vio = get_vio(v->domain, v->vcpu_id);
705 if (vio == NULL) {
706 printk("bad shared page: %lx\n", (unsigned long) vio);
707 domain_crash_synchronous();
708 }
710 p = &vio->vp_ioreq;
711 if ( p->state != STATE_INVALID )
712 printf("WARNING: send pio with something already pending (%d)?\n",
713 p->state);
714 p->dir = dir;
715 p->pdata_valid = pvalid;
717 p->type = IOREQ_TYPE_PIO;
718 p->size = size;
719 p->addr = port;
720 p->count = count;
721 p->df = regs->eflags & EF_DF ? 1 : 0;
723 p->io_count++;
/* With paging on, translate the guest VA of the data to a guest PA. */
725 if (pvalid) {
726 if (hvm_paging_enabled(current))
727 p->u.pdata = (void *) gva_to_gpa(value);
728 else
729 p->u.pdata = (void *) value; /* guest VA == guest PA */
730 } else
731 p->u.data = value;
/* Internal intercepts complete the request without the device model. */
733 if (hvm_portio_intercept(p)) {
734 p->state = STATE_IORESP_READY;
735 hvm_io_assist(v);
736 return;
737 }
739 hvm_send_assist_req(v);
740 }
/*
 * Build an MMIO ioreq of the given type for guest physical address
 * 'gpa' and dispatch it: first to internal MMIO/buffered-I/O
 * intercepts, otherwise to the device model.  'pvalid' indicates
 * 'value' is a guest address of the data rather than the data itself.
 */
742 void send_mmio_req(
743 unsigned char type, unsigned long gpa,
744 unsigned long count, int size, long value, int dir, int pvalid)
745 {
746 struct vcpu *v = current;
747 vcpu_iodata_t *vio;
748 ioreq_t *p;
749 struct cpu_user_regs *regs;
751 regs = &current->arch.hvm_vcpu.io_op.io_context;
753 vio = get_vio(v->domain, v->vcpu_id);
754 if (vio == NULL) {
755 printf("bad shared page\n");
756 domain_crash_synchronous();
757 }
759 p = &vio->vp_ioreq;
761 if ( p->state != STATE_INVALID )
762 printf("WARNING: send mmio with something already pending (%d)?\n",
763 p->state);
764 p->dir = dir;
765 p->pdata_valid = pvalid;
767 p->type = type;
768 p->size = size;
769 p->addr = gpa;
770 p->count = count;
771 p->df = regs->eflags & EF_DF ? 1 : 0;
773 p->io_count++;
/* With paging on, translate the guest VA of the data to a guest PA. */
775 if (pvalid) {
776 if (hvm_paging_enabled(v))
777 p->u.pdata = (void *) gva_to_gpa(value);
778 else
779 p->u.pdata = (void *) value; /* guest VA == guest PA */
780 } else
781 p->u.data = value;
/* Internal intercepts complete the request without the device model. */
783 if ( hvm_mmio_intercept(p) || hvm_buffered_io_intercept(p) ) {
784 p->state = STATE_IORESP_READY;
785 hvm_io_assist(v);
786 return;
787 }
789 hvm_send_assist_req(v);
790 }
/*
 * Issue the MMIO request for a decoded two-operand instruction.
 * Records the decoded state in mmio_opp (consumed later by
 * hvm_io_assist) and sends either a write (register or immediate
 * source) or a read (memory source) request.
 */
792 static void mmio_operands(int type, unsigned long gpa, struct instruction *inst,
793 struct hvm_io_op *mmio_opp, struct cpu_user_regs *regs)
794 {
795 unsigned long value = 0;
796 int index, size_reg;
798 size_reg = operand_size(inst->operand[0]);
800 mmio_opp->flags = inst->flags;
801 mmio_opp->instr = inst->instr;
802 mmio_opp->operand[0] = inst->operand[0]; /* source */
803 mmio_opp->operand[1] = inst->operand[1]; /* destination */
804 mmio_opp->immediate = inst->immediate;
806 if (inst->operand[0] & REGISTER) { /* dest is memory */
807 index = operand_index(inst->operand[0]);
808 value = get_reg_value(size_reg, index, 0, regs);
809 send_mmio_req(type, gpa, 1, inst->op_size, value, IOREQ_WRITE, 0);
810 } else if (inst->operand[0] & IMMEDIATE) { /* dest is memory */
811 value = inst->immediate;
812 send_mmio_req(type, gpa, 1, inst->op_size, value, IOREQ_WRITE, 0);
813 } else if (inst->operand[0] & MEMORY) { /* dest is register */
814 /* send the request and wait for the value */
815 if ( (inst->instr == INSTR_MOVZX) || (inst->instr == INSTR_MOVSX) )
816 send_mmio_req(type, gpa, 1, size_reg, 0, IOREQ_READ, 0);
817 else
818 send_mmio_req(type, gpa, 1, inst->op_size, 0, IOREQ_READ, 0);
819 } else {
820 printf("mmio_operands: invalid operand\n");
821 domain_crash_synchronous();
822 }
823 }
/*
 * Repeat count for a string instruction: %ecx when a REP prefix was
 * decoded (truncated to 16 bits in real mode), else 1.  Expands
 * against locals 'mmio_inst', 'realmode' and 'regs' at the call site.
 */
825 #define GET_REPEAT_COUNT() \
826 (mmio_inst.flags & REPZ ? (realmode ? regs->ecx & 0xFFFF : regs->ecx) : 1)
828 void handle_mmio(unsigned long va, unsigned long gpa)
829 {
830 unsigned long inst_addr;
831 struct hvm_io_op *mmio_opp;
832 struct cpu_user_regs *regs;
833 struct instruction mmio_inst;
834 unsigned char inst[MAX_INST_LEN];
835 int i, realmode, ret, inst_len;
836 struct vcpu *v = current;
838 mmio_opp = &v->arch.hvm_vcpu.io_op;
839 regs = &mmio_opp->io_context;
841 /* Copy current guest state into io instruction state structure. */
842 memcpy(regs, guest_cpu_user_regs(), HVM_CONTEXT_STACK_BYTES);
843 hvm_store_cpu_guest_regs(v, regs, NULL);
845 if ((inst_len = hvm_instruction_length(v)) <= 0) {
846 printf("handle_mmio: failed to get instruction length\n");
847 domain_crash_synchronous();
848 }
850 realmode = hvm_realmode(v);
851 if (realmode)
852 inst_addr = (regs->cs << 4) + regs->eip;
853 else
854 inst_addr = regs->eip;
856 memset(inst, 0, MAX_INST_LEN);
857 ret = inst_copy_from_guest(inst, inst_addr, inst_len);
858 if (ret != inst_len) {
859 printf("handle_mmio: failed to copy instruction\n");
860 domain_crash_synchronous();
861 }
863 init_instruction(&mmio_inst);
865 if (hvm_decode(realmode, inst, &mmio_inst) == DECODE_failure) {
866 printf("handle_mmio: failed to decode instruction\n");
867 printf("mmio opcode: va 0x%lx, gpa 0x%lx, len %d:",
868 va, gpa, inst_len);
869 for (i = 0; i < inst_len; i++)
870 printf(" %02x", inst[i] & 0xFF);
871 printf("\n");
872 domain_crash_synchronous();
873 }
875 regs->eip += inst_len; /* advance %eip */
877 switch (mmio_inst.instr) {
878 case INSTR_MOV:
879 mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mmio_opp, regs);
880 break;
882 case INSTR_MOVS:
883 {
884 unsigned long count = GET_REPEAT_COUNT();
885 unsigned long size = mmio_inst.op_size;
886 int sign = regs->eflags & EF_DF ? -1 : 1;
887 unsigned long addr = 0;
888 int dir;
890 /* determine non-MMIO address */
891 if (realmode) {
892 if (((regs->es << 4) + (regs->edi & 0xFFFF)) == va) {
893 dir = IOREQ_WRITE;
894 addr = (regs->ds << 4) + (regs->esi & 0xFFFF);
895 } else {
896 dir = IOREQ_READ;
897 addr = (regs->es << 4) + (regs->edi & 0xFFFF);
898 }
899 } else {
900 if (va == regs->edi) {
901 dir = IOREQ_WRITE;
902 addr = regs->esi;
903 } else {
904 dir = IOREQ_READ;
905 addr = regs->edi;
906 }
907 }
909 mmio_opp->flags = mmio_inst.flags;
910 mmio_opp->instr = mmio_inst.instr;
912 /*
913 * In case of a movs spanning multiple pages, we break the accesses
914 * up into multiple pages (the device model works with non-continguous
915 * physical guest pages). To copy just one page, we adjust %ecx and
916 * do not advance %eip so that the next "rep movs" copies the next page.
917 * Unaligned accesses, for example movsl starting at PGSZ-2, are
918 * turned into a single copy where we handle the overlapping memory
919 * copy ourself. After this copy succeeds, "rep movs" is executed
920 * again.
921 */
922 if ((addr & PAGE_MASK) != ((addr + sign * (size - 1)) & PAGE_MASK)) {
923 unsigned long value = 0;
925 mmio_opp->flags |= OVERLAP;
927 regs->eip -= inst_len; /* do not advance %eip */
929 if (dir == IOREQ_WRITE)
930 hvm_copy(&value, addr, size, HVM_COPY_IN);
931 send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, size, value, dir, 0);
932 } else {
933 if ((addr & PAGE_MASK) != ((addr + sign * (count * size - 1)) & PAGE_MASK)) {
934 regs->eip -= inst_len; /* do not advance %eip */
936 if (sign > 0)
937 count = (PAGE_SIZE - (addr & ~PAGE_MASK)) / size;
938 else
939 count = (addr & ~PAGE_MASK) / size;
940 }
942 send_mmio_req(IOREQ_TYPE_COPY, gpa, count, size, addr, dir, 1);
943 }
944 break;
945 }
947 case INSTR_MOVZX:
948 case INSTR_MOVSX:
949 mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mmio_opp, regs);
950 break;
952 case INSTR_STOS:
953 /*
954 * Since the destination is always in (contiguous) mmio space we don't
955 * need to break it up into pages.
956 */
957 mmio_opp->flags = mmio_inst.flags;
958 mmio_opp->instr = mmio_inst.instr;
959 send_mmio_req(IOREQ_TYPE_COPY, gpa,
960 GET_REPEAT_COUNT(), mmio_inst.op_size, regs->eax, IOREQ_WRITE, 0);
961 break;
963 case INSTR_LODS:
964 /*
965 * Since the source is always in (contiguous) mmio space we don't
966 * need to break it up into pages.
967 */
968 mmio_opp->flags = mmio_inst.flags;
969 mmio_opp->instr = mmio_inst.instr;
970 send_mmio_req(IOREQ_TYPE_COPY, gpa,
971 GET_REPEAT_COUNT(), mmio_inst.op_size, 0, IOREQ_READ, 0);
972 break;
974 case INSTR_OR:
975 mmio_operands(IOREQ_TYPE_OR, gpa, &mmio_inst, mmio_opp, regs);
976 break;
978 case INSTR_AND:
979 mmio_operands(IOREQ_TYPE_AND, gpa, &mmio_inst, mmio_opp, regs);
980 break;
982 case INSTR_XOR:
983 mmio_operands(IOREQ_TYPE_XOR, gpa, &mmio_inst, mmio_opp, regs);
984 break;
986 case INSTR_CMP: /* Pass through */
987 case INSTR_TEST:
988 mmio_opp->flags = mmio_inst.flags;
989 mmio_opp->instr = mmio_inst.instr;
990 mmio_opp->operand[0] = mmio_inst.operand[0]; /* source */
991 mmio_opp->operand[1] = mmio_inst.operand[1]; /* destination */
992 mmio_opp->immediate = mmio_inst.immediate;
994 /* send the request and wait for the value */
995 send_mmio_req(IOREQ_TYPE_COPY, gpa, 1,
996 mmio_inst.op_size, 0, IOREQ_READ, 0);
997 break;
999 case INSTR_BT:
1001 unsigned long value = 0;
1002 int index, size;
1004 mmio_opp->instr = mmio_inst.instr;
1005 mmio_opp->operand[0] = mmio_inst.operand[0]; /* bit offset */
1006 mmio_opp->operand[1] = mmio_inst.operand[1]; /* bit base */
1008 index = operand_index(mmio_inst.operand[0]);
1009 size = operand_size(mmio_inst.operand[0]);
1010 value = get_reg_value(size, index, 0, regs);
1012 send_mmio_req(IOREQ_TYPE_COPY, gpa + (value >> 5), 1,
1013 mmio_inst.op_size, 0, IOREQ_READ, 0);
1014 break;
1017 case INSTR_XCHG:
1018 mmio_opp->flags = mmio_inst.flags;
1019 mmio_opp->instr = mmio_inst.instr;
1020 mmio_opp->operand[0] = mmio_inst.operand[0]; /* source */
1021 mmio_opp->operand[1] = mmio_inst.operand[1]; /* destination */
1022 if ( mmio_inst.operand[0] & REGISTER ) {
1023 long value;
1024 unsigned long operand = mmio_inst.operand[0];
1025 value = get_reg_value(operand_size(operand),
1026 operand_index(operand), 0,
1027 regs);
1028 /* send the request and wait for the value */
1029 send_mmio_req(IOREQ_TYPE_XCHG, gpa, 1,
1030 mmio_inst.op_size, value, IOREQ_WRITE, 0);
1031 } else {
1032 /* the destination is a register */
1033 long value;
1034 unsigned long operand = mmio_inst.operand[1];
1035 value = get_reg_value(operand_size(operand),
1036 operand_index(operand), 0,
1037 regs);
1038 /* send the request and wait for the value */
1039 send_mmio_req(IOREQ_TYPE_XCHG, gpa, 1,
1040 mmio_inst.op_size, value, IOREQ_WRITE, 0);
1042 break;
1044 default:
1045 printf("Unhandled MMIO instruction\n");
1046 domain_crash_synchronous();
1050 DEFINE_PER_CPU(int, guest_handles_in_xen_space);
1052 /* Note that copy_{to,from}_user_hvm don't set the A and D bits on
1053 PTEs, and require the PTE to be writable even when they're only
1054 trying to read from it. The guest is expected to deal with
1055 this. */
1056 unsigned long copy_to_user_hvm(void *to, const void *from, unsigned len)
1058 if ( this_cpu(guest_handles_in_xen_space) )
1060 memcpy(to, from, len);
1061 return 0;
1064 return !hvm_copy((void *)from, (unsigned long)to, len, HVM_COPY_OUT);
1067 unsigned long copy_from_user_hvm(void *to, const void *from, unsigned len)
1069 if ( this_cpu(guest_handles_in_xen_space) )
1071 memcpy(to, from, len);
1072 return 0;
1075 return !hvm_copy(to, (unsigned long)from, len, HVM_COPY_IN);
1078 /*
1079 * Local variables:
1080 * mode: C
1081 * c-set-style: "BSD"
1082 * c-basic-offset: 4
1083 * tab-width: 4
1084 * indent-tabs-mode: nil
1085 * End:
1086 */