ia64/xen-unstable

xen/arch/x86/hvm/platform.c @ 14441:f8ef8f466225

hvm mmio: two additional mmio ops that OS/2 needs emulated.

From: Trolle Selander <trolle.selander@gmail.com>
Signed-off-by: Keir Fraser <keir@xensource.com>

author    kfraser@localhost.localdomain
date      Fri Mar 16 16:21:16 2007 +0000
parents   4314691c70a2
children  7e431ea834a8

/*
 * platform.c: handling x86 platform related MMIO instructions
 *
 * Copyright (c) 2004, Intel Corporation.
 * Copyright (c) 2005, International Business Machines Corporation.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place - Suite 330, Boston, MA 02111-1307 USA.
 */

#include <xen/config.h>
#include <xen/types.h>
#include <xen/mm.h>
#include <xen/domain_page.h>
#include <asm/page.h>
#include <xen/event.h>
#include <xen/trace.h>
#include <xen/sched.h>
#include <asm/regs.h>
#include <asm/x86_emulate.h>
#include <asm/paging.h>
#include <asm/hvm/hvm.h>
#include <asm/hvm/support.h>
#include <asm/hvm/io.h>
#include <public/hvm/ioreq.h>

#include <xen/lib.h>
#include <asm/current.h>

#define DECODE_success 1
#define DECODE_failure 0

#define mk_operand(size_reg, index, seg, flag) \
    (((size_reg) << 24) | ((index) << 16) | ((seg) << 8) | (flag))
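
/*
 * Illustrative sketch: assuming operand_size() and operand_index() (used
 * further down) unpack the same fields that mk_operand() packs here, an
 * operand word decomposes as:
 *
 *     unsigned int op = mk_operand(LONG, 2, 0, REGISTER);  // 32-bit %edx
 *     int size  = operand_size(op);    // (op >> 24) & 0xFF == LONG
 *     int index = operand_index(op);   // (op >> 16) & 0xFF == 2
 */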

#if defined (__x86_64__)
static inline long __get_reg_value(unsigned long reg, int size)
{
    switch ( size ) {
    case BYTE_64:
        return (char)(reg & 0xFF);
    case WORD:
        return (short)(reg & 0xFFFF);
    case LONG:
        return (int)(reg & 0xFFFFFFFF);
    case QUAD:
        return (long)(reg);
    default:
        printk("Error: (__get_reg_value) Invalid reg size\n");
        domain_crash_synchronous();
    }
}

long get_reg_value(int size, int index, int seg, struct cpu_user_regs *regs)
{
    if ( size == BYTE ) {
        switch ( index ) {
        case 0: /* %al */
            return (char)(regs->rax & 0xFF);
        case 1: /* %cl */
            return (char)(regs->rcx & 0xFF);
        case 2: /* %dl */
            return (char)(regs->rdx & 0xFF);
        case 3: /* %bl */
            return (char)(regs->rbx & 0xFF);
        case 4: /* %ah */
            return (char)((regs->rax & 0xFF00) >> 8);
        case 5: /* %ch */
            return (char)((regs->rcx & 0xFF00) >> 8);
        case 6: /* %dh */
            return (char)((regs->rdx & 0xFF00) >> 8);
        case 7: /* %bh */
            return (char)((regs->rbx & 0xFF00) >> 8);
        default:
            printk("Error: (get_reg_value) Invalid index value\n");
            domain_crash_synchronous();
        }
        /* NOTREACHED */
    }

    switch ( index ) {
    case 0: return __get_reg_value(regs->rax, size);
    case 1: return __get_reg_value(regs->rcx, size);
    case 2: return __get_reg_value(regs->rdx, size);
    case 3: return __get_reg_value(regs->rbx, size);
    case 4: return __get_reg_value(regs->rsp, size);
    case 5: return __get_reg_value(regs->rbp, size);
    case 6: return __get_reg_value(regs->rsi, size);
    case 7: return __get_reg_value(regs->rdi, size);
    case 8: return __get_reg_value(regs->r8, size);
    case 9: return __get_reg_value(regs->r9, size);
    case 10: return __get_reg_value(regs->r10, size);
    case 11: return __get_reg_value(regs->r11, size);
    case 12: return __get_reg_value(regs->r12, size);
    case 13: return __get_reg_value(regs->r13, size);
    case 14: return __get_reg_value(regs->r14, size);
    case 15: return __get_reg_value(regs->r15, size);
    default:
        printk("Error: (get_reg_value) Invalid index value\n");
        domain_crash_synchronous();
    }
}
#elif defined (__i386__)
static inline long __get_reg_value(unsigned long reg, int size)
{
    switch ( size ) {
    case WORD:
        return (short)(reg & 0xFFFF);
    case LONG:
        return (int)(reg & 0xFFFFFFFF);
    default:
        printk("Error: (__get_reg_value) Invalid reg size\n");
        domain_crash_synchronous();
    }
}

long get_reg_value(int size, int index, int seg, struct cpu_user_regs *regs)
{
    if ( size == BYTE ) {
        switch ( index ) {
        case 0: /* %al */
            return (char)(regs->eax & 0xFF);
        case 1: /* %cl */
            return (char)(regs->ecx & 0xFF);
        case 2: /* %dl */
            return (char)(regs->edx & 0xFF);
        case 3: /* %bl */
            return (char)(regs->ebx & 0xFF);
        case 4: /* %ah */
            return (char)((regs->eax & 0xFF00) >> 8);
        case 5: /* %ch */
            return (char)((regs->ecx & 0xFF00) >> 8);
        case 6: /* %dh */
            return (char)((regs->edx & 0xFF00) >> 8);
        case 7: /* %bh */
            return (char)((regs->ebx & 0xFF00) >> 8);
        default:
            printk("Error: (get_reg_value) Invalid index value\n");
            domain_crash_synchronous();
        }
    }

    switch ( index ) {
    case 0: return __get_reg_value(regs->eax, size);
    case 1: return __get_reg_value(regs->ecx, size);
    case 2: return __get_reg_value(regs->edx, size);
    case 3: return __get_reg_value(regs->ebx, size);
    case 4: return __get_reg_value(regs->esp, size);
    case 5: return __get_reg_value(regs->ebp, size);
    case 6: return __get_reg_value(regs->esi, size);
    case 7: return __get_reg_value(regs->edi, size);
    default:
        printk("Error: (get_reg_value) Invalid index value\n");
        domain_crash_synchronous();
    }
}
#endif

static inline unsigned char *check_prefix(unsigned char *inst,
                                          struct hvm_io_op *mmio_op,
                                          unsigned char *ad_size,
                                          unsigned char *op_size,
                                          unsigned char *seg_sel,
                                          unsigned char *rex_p)
{
    while ( 1 ) {
        switch ( *inst ) {
            /* rex prefix for em64t instructions */
        case 0x40 ... 0x4f:
            *rex_p = *inst;
            break;
        case 0xf3: /* REPZ */
            mmio_op->flags = REPZ;
            break;
        case 0xf2: /* REPNZ */
            mmio_op->flags = REPNZ;
            break;
        case 0xf0: /* LOCK */
            break;
        case 0x2e: /* CS */
        case 0x36: /* SS */
        case 0x3e: /* DS */
        case 0x26: /* ES */
        case 0x64: /* FS */
        case 0x65: /* GS */
            *seg_sel = *inst;
            break;
        case 0x66: /* 32bit->16bit */
            *op_size = WORD;
            break;
        case 0x67:
            *ad_size = WORD;
            break;
        default:
            return inst;
        }
        inst++;
    }
}
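
/*
 * Worked example (illustrative only): for the byte sequence 66 64 89 ...
 * ("mov %ax, %fs:<mem>"), check_prefix() consumes the two prefix bytes,
 * leaving *op_size == WORD and *seg_sel == 0x64 with *rex_p unchanged,
 * and returns a pointer to the 0x89 opcode byte.
 */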

static inline unsigned long get_immediate(int ad_size, const unsigned char *inst, int op_size)
{
    int mod, reg, rm;
    unsigned long val = 0;
    int i;

    mod = (*inst >> 6) & 3;
    reg = (*inst >> 3) & 7;
    rm = *inst & 7;

    inst++; /* skip ModR/M byte */
    if ( ad_size != WORD && mod != 3 && rm == 4 ) {
        rm = *inst & 7;
        inst++; /* skip SIB byte */
    }

    switch ( mod ) {
    case 0:
        if ( ad_size == WORD ) {
            if ( rm == 6 )
                inst = inst + 2; /* disp16, skip 2 bytes */
        }
        else {
            if ( rm == 5 )
                inst = inst + 4; /* disp32, skip 4 bytes */
        }
        break;
    case 1:
        inst++; /* disp8, skip 1 byte */
        break;
    case 2:
        if ( ad_size == WORD )
            inst = inst + 2; /* disp16, skip 2 bytes */
        else
            inst = inst + 4; /* disp32, skip 4 bytes */
        break;
    }

    if ( op_size == QUAD )
        op_size = LONG;

    for ( i = 0; i < op_size; i++ ) {
        val |= (*inst++ & 0xff) << (8 * i);
    }

    return val;
}
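
/*
 * Worked example (illustrative only): with 32-bit addressing
 * (ad_size == LONG), for the encoding 81 0d d0 fe 02 f0 01 00 00 80
 * ("orl $0x80000001, 0xf002fed0"), get_immediate() is called with
 * opcode + 1: mod == 0 and rm == 5 mean a disp32 follows the ModR/M
 * byte, so 4 bytes are skipped and the little-endian imm32 0x80000001
 * is assembled from the remaining 4 bytes.
 */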

static inline int get_index(const unsigned char *inst, unsigned char rex)
{
    int mod, reg, rm;
    int rex_r, rex_b;

    mod = (*inst >> 6) & 3;
    reg = (*inst >> 3) & 7;
    rm = *inst & 7;

    rex_r = (rex >> 2) & 1;
    rex_b = rex & 1;

    /* Only one operand of the instruction can be a register. */
    if ( mod == 3 )
        return (rm + (rex_b << 3));
    else
        return (reg + (rex_r << 3));
}
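
/*
 * Worked example (illustrative only): for ModR/M byte 0x08 (mod == 0,
 * reg == 1, rm == 0) the register operand is encoded in the reg field,
 * so get_index() returns 1 (%cl/%cx/%ecx); with REX.R set (e.g.
 * rex == 0x44) it returns 9 (%r9).
 */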

static void init_instruction(struct hvm_io_op *mmio_op)
{
    mmio_op->instr = 0;

    mmio_op->flags = 0;

    mmio_op->operand[0] = 0;
    mmio_op->operand[1] = 0;
    mmio_op->immediate = 0;
}

#define GET_OP_SIZE_FOR_BYTE(size_reg)      \
    do {                                    \
        if ( rex )                          \
            (size_reg) = BYTE_64;           \
        else                                \
            (size_reg) = BYTE;              \
    } while( 0 )

#define GET_OP_SIZE_FOR_NONEBYTE(op_size)   \
    do {                                    \
        if ( rex & 0x8 )                    \
            (op_size) = QUAD;               \
        else if ( (op_size) != WORD )       \
            (op_size) = LONG;               \
    } while( 0 )
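
/*
 * Worked example (illustrative only): a REX.W prefix (rex & 0x8) wins over
 * a 0x66 operand-size prefix, as the architecture requires -- after
 * "66 48" GET_OP_SIZE_FOR_NONEBYTE still yields QUAD; with only a 0x66
 * prefix it leaves WORD in place, and with neither it yields LONG.
 */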

/*
 * Decode mem,accumulator operands (as in <opcode> m8/m16/m32, al/ax/eax)
 */
static inline int mem_acc(unsigned char size, struct hvm_io_op *mmio)
{
    mmio->operand[0] = mk_operand(size, 0, 0, MEMORY);
    mmio->operand[1] = mk_operand(size, 0, 0, REGISTER);
    return DECODE_success;
}

/*
 * Decode accumulator,mem operands (as in <opcode> al/ax/eax, m8/m16/m32)
 */
static inline int acc_mem(unsigned char size, struct hvm_io_op *mmio)
{
    mmio->operand[0] = mk_operand(size, 0, 0, REGISTER);
    mmio->operand[1] = mk_operand(size, 0, 0, MEMORY);
    return DECODE_success;
}

/*
 * Decode mem,reg operands (as in <opcode> m32/16, r32/16)
 */
static int mem_reg(unsigned char size, unsigned char *opcode,
                   struct hvm_io_op *mmio_op, unsigned char rex)
{
    int index = get_index(opcode + 1, rex);

    mmio_op->operand[0] = mk_operand(size, 0, 0, MEMORY);
    mmio_op->operand[1] = mk_operand(size, index, 0, REGISTER);
    return DECODE_success;
}

/*
 * Decode reg,mem operands (as in <opcode> r32/16, m32/16)
 */
static int reg_mem(unsigned char size, unsigned char *opcode,
                   struct hvm_io_op *mmio_op, unsigned char rex)
{
    int index = get_index(opcode + 1, rex);

    mmio_op->operand[0] = mk_operand(size, index, 0, REGISTER);
    mmio_op->operand[1] = mk_operand(size, 0, 0, MEMORY);
    return DECODE_success;
}

static int mmio_decode(int address_bytes, unsigned char *opcode,
                       struct hvm_io_op *mmio_op,
                       unsigned char *ad_size, unsigned char *op_size,
                       unsigned char *seg_sel)
{
    unsigned char size_reg = 0;
    unsigned char rex = 0;
    int index;

    *ad_size = 0;
    *op_size = 0;
    *seg_sel = 0;
    init_instruction(mmio_op);

    opcode = check_prefix(opcode, mmio_op, ad_size, op_size, seg_sel, &rex);

    switch ( address_bytes )
    {
    case 2:
        if ( *op_size == WORD )
            *op_size = LONG;
        else if ( *op_size == LONG )
            *op_size = WORD;
        else if ( *op_size == 0 )
            *op_size = WORD;
        if ( *ad_size == WORD )
            *ad_size = LONG;
        else if ( *ad_size == LONG )
            *ad_size = WORD;
        else if ( *ad_size == 0 )
            *ad_size = WORD;
        break;
    case 4:
        if ( *op_size == 0 )
            *op_size = LONG;
        if ( *ad_size == 0 )
            *ad_size = LONG;
        break;
#ifdef __x86_64__
    case 8:
        if ( *op_size == 0 )
            *op_size = rex & 0x8 ? QUAD : LONG;
        if ( *ad_size == 0 )
            *ad_size = QUAD;
        break;
#endif
    }

    /* The operand order in the comments below follows the AT&T convention. */
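    /*
     * For instance (illustrative note), opcode 0x89 below is commented as
     * "mov r32/16, m32/16": source first, destination second, so the
     * register is the source and memory the destination (Intel manuals
     * write the same instruction as "MOV r/m32, r32").
     */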

    switch ( *opcode ) {

    case 0x00: /* add r8, m8 */
        mmio_op->instr = INSTR_ADD;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x03: /* add m32/16, r32/16 */
        mmio_op->instr = INSTR_ADD;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0x08: /* or r8, m8 */
        mmio_op->instr = INSTR_OR;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x09: /* or r32/16, m32/16 */
        mmio_op->instr = INSTR_OR;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x0A: /* or m8, r8 */
        mmio_op->instr = INSTR_OR;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_reg(size_reg, opcode, mmio_op, rex);

    case 0x0B: /* or m32/16, r32/16 */
        mmio_op->instr = INSTR_OR;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0x20: /* and r8, m8 */
        mmio_op->instr = INSTR_AND;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x21: /* and r32/16, m32/16 */
        mmio_op->instr = INSTR_AND;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x22: /* and m8, r8 */
        mmio_op->instr = INSTR_AND;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_reg(size_reg, opcode, mmio_op, rex);

    case 0x23: /* and m32/16, r32/16 */
        mmio_op->instr = INSTR_AND;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0x2B: /* sub m32/16, r32/16 */
        mmio_op->instr = INSTR_SUB;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0x30: /* xor r8, m8 */
        mmio_op->instr = INSTR_XOR;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x31: /* xor r32/16, m32/16 */
        mmio_op->instr = INSTR_XOR;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x32: /* xor m8, r8 */
        mmio_op->instr = INSTR_XOR;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_reg(size_reg, opcode, mmio_op, rex);

    case 0x38: /* cmp r8, m8 */
        mmio_op->instr = INSTR_CMP;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x39: /* cmp r32/16, m32/16 */
        mmio_op->instr = INSTR_CMP;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x3A: /* cmp m8, r8 */
        mmio_op->instr = INSTR_CMP;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_reg(size_reg, opcode, mmio_op, rex);

    case 0x3B: /* cmp m32/16, r32/16 */
        mmio_op->instr = INSTR_CMP;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0x80:
    case 0x81:
    case 0x83:
    {
        unsigned char ins_subtype = (opcode[1] >> 3) & 7;

        if ( opcode[0] == 0x80 ) {
            *op_size = BYTE;
            GET_OP_SIZE_FOR_BYTE(size_reg);
        } else {
            GET_OP_SIZE_FOR_NONEBYTE(*op_size);
            size_reg = *op_size;
        }

        /* opcode 0x83 always has a single byte operand */
        if ( opcode[0] == 0x83 )
            mmio_op->immediate =
                (signed char)get_immediate(*ad_size, opcode + 1, BYTE);
        else
            mmio_op->immediate =
                get_immediate(*ad_size, opcode + 1, *op_size);

        mmio_op->operand[0] = mk_operand(size_reg, 0, 0, IMMEDIATE);
        mmio_op->operand[1] = mk_operand(size_reg, 0, 0, MEMORY);

        switch ( ins_subtype ) {
        case 0: /* add $imm, m32/16 */
            mmio_op->instr = INSTR_ADD;
            return DECODE_success;

        case 1: /* or $imm, m32/16 */
            mmio_op->instr = INSTR_OR;
            return DECODE_success;

        case 4: /* and $imm, m32/16 */
            mmio_op->instr = INSTR_AND;
            return DECODE_success;

        case 5: /* sub $imm, m32/16 */
            mmio_op->instr = INSTR_SUB;
            return DECODE_success;

        case 6: /* xor $imm, m32/16 */
            mmio_op->instr = INSTR_XOR;
            return DECODE_success;

        case 7: /* cmp $imm, m32/16 */
            mmio_op->instr = INSTR_CMP;
            return DECODE_success;

        default:
            printk("%x/%x, This opcode isn't handled yet!\n",
                   *opcode, ins_subtype);
            return DECODE_failure;
        }
    }

    case 0x84: /* test r8, m8 */
        mmio_op->instr = INSTR_TEST;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x85: /* test r16/32, m16/32 */
        mmio_op->instr = INSTR_TEST;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x86: /* xchg m8, r8 */
        mmio_op->instr = INSTR_XCHG;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x87: /* xchg m16/32, r16/32 */
        mmio_op->instr = INSTR_XCHG;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x88: /* mov r8, m8 */
        mmio_op->instr = INSTR_MOV;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return reg_mem(size_reg, opcode, mmio_op, rex);

    case 0x89: /* mov r32/16, m32/16 */
        mmio_op->instr = INSTR_MOV;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return reg_mem(*op_size, opcode, mmio_op, rex);

    case 0x8A: /* mov m8, r8 */
        mmio_op->instr = INSTR_MOV;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_reg(size_reg, opcode, mmio_op, rex);

    case 0x8B: /* mov m32/16, r32/16 */
        mmio_op->instr = INSTR_MOV;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_reg(*op_size, opcode, mmio_op, rex);

    case 0xA0: /* mov <addr>, al */
        mmio_op->instr = INSTR_MOV;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return mem_acc(size_reg, mmio_op);

    case 0xA1: /* mov <addr>, ax/eax */
        mmio_op->instr = INSTR_MOV;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return mem_acc(*op_size, mmio_op);

    case 0xA2: /* mov al, <addr> */
        mmio_op->instr = INSTR_MOV;
        *op_size = BYTE;
        GET_OP_SIZE_FOR_BYTE(size_reg);
        return acc_mem(size_reg, mmio_op);

    case 0xA3: /* mov ax/eax, <addr> */
        mmio_op->instr = INSTR_MOV;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return acc_mem(*op_size, mmio_op);

    case 0xA4: /* movsb */
        mmio_op->instr = INSTR_MOVS;
        *op_size = BYTE;
        return DECODE_success;

    case 0xA5: /* movsw/movsl */
        mmio_op->instr = INSTR_MOVS;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return DECODE_success;

    case 0xAA: /* stosb */
        mmio_op->instr = INSTR_STOS;
        *op_size = BYTE;
        return DECODE_success;

    case 0xAB: /* stosw/stosl */
        mmio_op->instr = INSTR_STOS;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return DECODE_success;

    case 0xAC: /* lodsb */
        mmio_op->instr = INSTR_LODS;
        *op_size = BYTE;
        return DECODE_success;

    case 0xAD: /* lodsw/lodsl */
        mmio_op->instr = INSTR_LODS;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        return DECODE_success;

    case 0xC6:
        if ( ((opcode[1] >> 3) & 7) == 0 ) { /* mov $imm8, m8 */
            mmio_op->instr = INSTR_MOV;
            *op_size = BYTE;

            mmio_op->operand[0] = mk_operand(*op_size, 0, 0, IMMEDIATE);
            mmio_op->immediate =
                get_immediate(*ad_size, opcode + 1, *op_size);
            mmio_op->operand[1] = mk_operand(*op_size, 0, 0, MEMORY);

            return DECODE_success;
        } else
            return DECODE_failure;

    case 0xC7:
        if ( ((opcode[1] >> 3) & 7) == 0 ) { /* mov $imm16/32, m16/32 */
            mmio_op->instr = INSTR_MOV;
            GET_OP_SIZE_FOR_NONEBYTE(*op_size);

            mmio_op->operand[0] = mk_operand(*op_size, 0, 0, IMMEDIATE);
            mmio_op->immediate =
                get_immediate(*ad_size, opcode + 1, *op_size);
            mmio_op->operand[1] = mk_operand(*op_size, 0, 0, MEMORY);

            return DECODE_success;
        } else
            return DECODE_failure;

    case 0xF6:
    case 0xF7:
        if ( ((opcode[1] >> 3) & 7) == 0 ) { /* test $imm8/16/32, m8/16/32 */
            mmio_op->instr = INSTR_TEST;

            if ( opcode[0] == 0xF6 ) {
                *op_size = BYTE;
                GET_OP_SIZE_FOR_BYTE(size_reg);
            } else {
                GET_OP_SIZE_FOR_NONEBYTE(*op_size);
                size_reg = *op_size;
            }

            mmio_op->operand[0] = mk_operand(size_reg, 0, 0, IMMEDIATE);
            mmio_op->immediate =
                get_immediate(*ad_size, opcode + 1, *op_size);
            mmio_op->operand[1] = mk_operand(size_reg, 0, 0, MEMORY);

            return DECODE_success;
        } else
            return DECODE_failure;

    case 0xFE:
    case 0xFF:
    {
        unsigned char ins_subtype = (opcode[1] >> 3) & 7;

        if ( opcode[0] == 0xFE ) {
            *op_size = BYTE;
            GET_OP_SIZE_FOR_BYTE(size_reg);
        } else {
            GET_OP_SIZE_FOR_NONEBYTE(*op_size);
            size_reg = *op_size;
        }

        mmio_op->immediate = 1;
        mmio_op->operand[0] = mk_operand(size_reg, 0, 0, IMMEDIATE);
        mmio_op->operand[1] = mk_operand(size_reg, 0, 0, MEMORY);

        switch ( ins_subtype ) {
        case 0: /* inc */
            mmio_op->instr = INSTR_ADD;
            return DECODE_success;

        case 1: /* dec */
            mmio_op->instr = INSTR_SUB;
            return DECODE_success;

        case 6: /* push */
            mmio_op->instr = INSTR_PUSH;
            mmio_op->operand[0] = mmio_op->operand[1];
            return DECODE_success;

        default:
            printk("%x/%x, This opcode isn't handled yet!\n",
                   *opcode, ins_subtype);
            return DECODE_failure;
        }
    }

    case 0x0F:
        break;

    default:
        printk("%x, This opcode isn't handled yet!\n", *opcode);
        return DECODE_failure;
    }

    switch ( *++opcode ) {
    case 0xB6: /* movzx m8, r16/r32/r64 */
        mmio_op->instr = INSTR_MOVZX;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        index = get_index(opcode + 1, rex);
        mmio_op->operand[0] = mk_operand(BYTE, 0, 0, MEMORY);
        mmio_op->operand[1] = mk_operand(*op_size, index, 0, REGISTER);
        return DECODE_success;

    case 0xB7: /* movzx m16, r32/r64 */
        mmio_op->instr = INSTR_MOVZX;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        index = get_index(opcode + 1, rex);
        mmio_op->operand[0] = mk_operand(WORD, 0, 0, MEMORY);
        mmio_op->operand[1] = mk_operand(*op_size, index, 0, REGISTER);
        return DECODE_success;

    case 0xBE: /* movsx m8, r16/r32/r64 */
        mmio_op->instr = INSTR_MOVSX;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        index = get_index(opcode + 1, rex);
        mmio_op->operand[0] = mk_operand(BYTE, 0, 0, MEMORY);
        mmio_op->operand[1] = mk_operand(*op_size, index, 0, REGISTER);
        return DECODE_success;

    case 0xBF: /* movsx m16, r32/r64 */
        mmio_op->instr = INSTR_MOVSX;
        GET_OP_SIZE_FOR_NONEBYTE(*op_size);
        index = get_index(opcode + 1, rex);
        mmio_op->operand[0] = mk_operand(WORD, 0, 0, MEMORY);
        mmio_op->operand[1] = mk_operand(*op_size, index, 0, REGISTER);
        return DECODE_success;

    case 0xA3: /* bt r32, m32 */
        mmio_op->instr = INSTR_BT;
        index = get_index(opcode + 1, rex);
        *op_size = LONG;
        mmio_op->operand[0] = mk_operand(*op_size, index, 0, REGISTER);
        mmio_op->operand[1] = mk_operand(*op_size, 0, 0, MEMORY);
        return DECODE_success;

    case 0xBA:
        if ( ((opcode[1] >> 3) & 7) == 4 ) /* BT $imm8, m16/32/64 */
        {
            mmio_op->instr = INSTR_BT;
            GET_OP_SIZE_FOR_NONEBYTE(*op_size);
            mmio_op->operand[0] = mk_operand(BYTE, 0, 0, IMMEDIATE);
            mmio_op->immediate =
                (signed char)get_immediate(*ad_size, opcode + 1, BYTE);
            mmio_op->operand[1] = mk_operand(*op_size, 0, 0, MEMORY);
            return DECODE_success;
        }
        else
        {
            printk("0f %x, This opcode subtype isn't handled yet\n", *opcode);
            return DECODE_failure;
        }

    default:
        printk("0f %x, This opcode isn't handled yet\n", *opcode);
        return DECODE_failure;
    }
}

int inst_copy_from_guest(unsigned char *buf, unsigned long guest_eip, int inst_len)
{
    if ( inst_len > MAX_INST_LEN || inst_len <= 0 )
        return 0;
    if ( hvm_copy_from_guest_virt(buf, guest_eip, inst_len) )
        return 0;
    return inst_len;
}

void send_pio_req(unsigned long port, unsigned long count, int size,
                  paddr_t value, int dir, int df, int value_is_ptr)
{
    struct vcpu *v = current;
    vcpu_iodata_t *vio;
    ioreq_t *p;

    if ( size == 0 || count == 0 ) {
        printk("null pio request? port %lx, count %lx, "
               "size %d, value %"PRIpaddr", dir %d, value_is_ptr %d.\n",
               port, count, size, value, dir, value_is_ptr);
    }

    vio = get_vio(v->domain, v->vcpu_id);
    if ( vio == NULL ) {
        printk("bad shared page: %lx\n", (unsigned long) vio);
        domain_crash_synchronous();
    }

    p = &vio->vp_ioreq;
    if ( p->state != STATE_IOREQ_NONE )
        printk("WARNING: send pio with something already pending (%d)?\n",
               p->state);

    p->dir = dir;
    p->data_is_ptr = value_is_ptr;

    p->type = IOREQ_TYPE_PIO;
    p->size = size;
    p->addr = port;
    p->count = count;
    p->df = df;

    p->io_count++;

    p->data = value;

    if ( hvm_portio_intercept(p) )
    {
        p->state = STATE_IORESP_READY;
        hvm_io_assist(v);
        return;
    }

    hvm_send_assist_req(v);
}

static void send_mmio_req(unsigned char type, unsigned long gpa,
                          unsigned long count, int size, paddr_t value,
                          int dir, int df, int value_is_ptr)
{
    struct vcpu *v = current;
    vcpu_iodata_t *vio;
    ioreq_t *p;

    if ( size == 0 || count == 0 ) {
        printk("null mmio request? type %d, gpa %lx, "
               "count %lx, size %d, value %"PRIpaddr", dir %d, "
               "value_is_ptr %d.\n",
               type, gpa, count, size, value, dir, value_is_ptr);
    }

    vio = get_vio(v->domain, v->vcpu_id);
    if ( vio == NULL ) {
        printk("bad shared page\n");
        domain_crash_synchronous();
    }

    p = &vio->vp_ioreq;

    if ( p->state != STATE_IOREQ_NONE )
        printk("WARNING: send mmio with something already pending (%d)?\n",
               p->state);
    p->dir = dir;
    p->data_is_ptr = value_is_ptr;

    p->type = type;
    p->size = size;
    p->addr = gpa;
    p->count = count;
    p->df = df;

    p->io_count++;

    p->data = value;

    if ( hvm_mmio_intercept(p) || hvm_buffered_io_intercept(p) )
    {
        p->state = STATE_IORESP_READY;
        hvm_io_assist(v);
        return;
    }

    hvm_send_assist_req(v);
}

static void mmio_operands(int type, unsigned long gpa,
                          struct hvm_io_op *mmio_op,
                          unsigned char op_size)
{
    unsigned long value = 0;
    int df, index, size_reg;
    struct cpu_user_regs *regs = &mmio_op->io_context;

    df = regs->eflags & X86_EFLAGS_DF ? 1 : 0;

    size_reg = operand_size(mmio_op->operand[0]);

    if ( mmio_op->operand[0] & REGISTER ) { /* dest is memory */
        index = operand_index(mmio_op->operand[0]);
        value = get_reg_value(size_reg, index, 0, regs);
        send_mmio_req(type, gpa, 1, op_size, value, IOREQ_WRITE, df, 0);
    } else if ( mmio_op->operand[0] & IMMEDIATE ) { /* dest is memory */
        value = mmio_op->immediate;
        send_mmio_req(type, gpa, 1, op_size, value, IOREQ_WRITE, df, 0);
    } else if ( mmio_op->operand[0] & MEMORY ) { /* dest is register */
        /* send the request and wait for the value */
        if ( (mmio_op->instr == INSTR_MOVZX) ||
             (mmio_op->instr == INSTR_MOVSX) )
            send_mmio_req(type, gpa, 1, size_reg, 0, IOREQ_READ, df, 0);
        else
            send_mmio_req(type, gpa, 1, op_size, 0, IOREQ_READ, df, 0);
    } else {
        printk("%s: invalid dest mode.\n", __func__);
        domain_crash_synchronous();
    }
}

#define GET_REPEAT_COUNT() \
     (mmio_op->flags & REPZ ? (ad_size == WORD ? regs->ecx & 0xFFFF : regs->ecx) : 1)
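
/*
 * Illustrative note: the macro leans on mmio_op, ad_size and regs from the
 * enclosing scope. For "f3 a4" ("rep movsb") decoded with 16-bit
 * addressing, flags has REPZ set and ad_size is WORD, so the repeat count
 * is %cx (the low 16 bits of %ecx); without a rep prefix it yields 1.
 */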

void handle_mmio(unsigned long gpa)
{
    unsigned long inst_addr;
    struct hvm_io_op *mmio_op;
    struct cpu_user_regs *regs;
    unsigned char inst[MAX_INST_LEN], ad_size, op_size, seg_sel;
    int i, address_bytes, df, inst_len;
    struct vcpu *v = current;

    mmio_op = &v->arch.hvm_vcpu.io_op;
    regs = &mmio_op->io_context;

    /* Copy current guest state into io instruction state structure. */
    memcpy(regs, guest_cpu_user_regs(), HVM_CONTEXT_STACK_BYTES);
    hvm_store_cpu_guest_regs(v, regs, NULL);

    df = regs->eflags & X86_EFLAGS_DF ? 1 : 0;

    address_bytes = hvm_guest_x86_mode(v);
    inst_addr = hvm_get_segment_base(v, x86_seg_cs) + regs->eip;
    inst_len = hvm_instruction_length(inst_addr, address_bytes);
    if ( inst_len <= 0 )
    {
        printk("handle_mmio: failed to get instruction length\n");
        domain_crash_synchronous();
    }

    memset(inst, 0, MAX_INST_LEN);
    if ( inst_copy_from_guest(inst, inst_addr, inst_len) != inst_len ) {
        printk("handle_mmio: failed to copy instruction\n");
        domain_crash_synchronous();
    }

    if ( mmio_decode(address_bytes, inst, mmio_op, &ad_size,
                     &op_size, &seg_sel) == DECODE_failure ) {
        printk("handle_mmio: failed to decode instruction\n");
        printk("mmio opcode: gpa 0x%lx, len %d:", gpa, inst_len);
        for ( i = 0; i < inst_len; i++ )
            printk(" %02x", inst[i] & 0xFF);
        printk("\n");
        domain_crash_synchronous();
    }

    regs->eip += inst_len; /* advance %eip */

    switch ( mmio_op->instr ) {
    case INSTR_MOV:
        mmio_operands(IOREQ_TYPE_COPY, gpa, mmio_op, op_size);
        break;

    case INSTR_MOVS:
    {
        unsigned long count = GET_REPEAT_COUNT();
        int sign = regs->eflags & X86_EFLAGS_DF ? -1 : 1;
        unsigned long addr, gfn;
        paddr_t paddr;
        int dir, size = op_size;

        ASSERT(count);

        /* determine non-MMIO address */
        addr = regs->edi;
        if ( ad_size == WORD )
            addr &= 0xFFFF;
        addr += hvm_get_segment_base(v, x86_seg_es);
        gfn = paging_gva_to_gfn(v, addr);
        paddr = (paddr_t)gfn << PAGE_SHIFT | (addr & ~PAGE_MASK);
        if ( paddr == gpa )
        {
            enum x86_segment seg;

            dir = IOREQ_WRITE;
            addr = regs->esi;
            if ( ad_size == WORD )
                addr &= 0xFFFF;
            switch ( seg_sel )
            {
            case 0x26: seg = x86_seg_es; break;
            case 0x2e: seg = x86_seg_cs; break;
            case 0x36: seg = x86_seg_ss; break;
            case 0:
            case 0x3e: seg = x86_seg_ds; break;
            case 0x64: seg = x86_seg_fs; break;
            case 0x65: seg = x86_seg_gs; break;
            default: domain_crash_synchronous();
            }
            addr += hvm_get_segment_base(v, seg);
            gfn = paging_gva_to_gfn(v, addr);
            paddr = (paddr_t)gfn << PAGE_SHIFT | (addr & ~PAGE_MASK);
        }
        else
            dir = IOREQ_READ;

        if ( gfn == INVALID_GFN )
        {
            /* The guest does not have the non-MMIO address mapped;
             * inject a page fault for it. */
            int errcode = 0;
            /* IO read --> memory write */
            if ( dir == IOREQ_READ ) errcode |= PFEC_write_access;
            regs->eip -= inst_len; /* do not advance %eip */
            hvm_inject_exception(TRAP_page_fault, errcode, addr);
            return;
        }

        /*
         * In case of a movs spanning multiple pages, we break the accesses
         * up into multiple pages (the device model works with non-contiguous
         * physical guest pages).  To copy just one page, we adjust %ecx and
         * do not advance %eip so that the next rep;movs copies the next page.
         * Unaligned accesses, for example movsl starting at PGSZ-2, are
         * turned into a single copy where we handle the overlapping memory
         * copy ourselves.  After this copy succeeds, "rep movs" is executed
         * again.
         */
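
        /*
         * For example (illustrative): a movsl whose non-MMIO operand starts
         * at PAGE_SIZE - 2 touches the last two bytes of one page and the
         * first two of the next; the test below catches this, and the access
         * is handled as a single OVERLAP request instead of being split at
         * the page boundary.
         */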

        if ( (addr & PAGE_MASK) != ((addr + size - 1) & PAGE_MASK) ) {
            unsigned long value = 0;

            mmio_op->flags |= OVERLAP;

            if ( dir == IOREQ_WRITE ) {
                if ( hvm_paging_enabled(v) )
                {
                    int rv = hvm_copy_from_guest_virt(&value, addr, size);
                    if ( rv != 0 )
                    {
                        /* Failed on the page-spanning copy.  Inject PF into
                         * the guest for the address where we failed. */
                        regs->eip -= inst_len; /* do not advance %eip */
                        /* Must set CR2 at the failing address */
                        addr += size - rv;
                        gdprintk(XENLOG_DEBUG, "Pagefault on non-io side of a "
                                 "page-spanning MMIO: va=%#lx\n", addr);
                        hvm_inject_exception(TRAP_page_fault, 0, addr);
                        return;
                    }
                }
                else
                    (void) hvm_copy_from_guest_phys(&value, addr, size);
            } else /* dir != IOREQ_WRITE */
                /* Remember where to write the result, as a *VA*.
                 * Must be a VA so we can handle the page overlap
                 * correctly in hvm_mmio_assist(). */
                mmio_op->addr = addr;

            if ( count != 1 )
                regs->eip -= inst_len; /* do not advance %eip */

            send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, size, value, dir, df, 0);
        } else {
            unsigned long last_addr = sign > 0 ? addr + count * size - 1
                                               : addr - (count - 1) * size;

            if ( (addr & PAGE_MASK) != (last_addr & PAGE_MASK) )
            {
                regs->eip -= inst_len; /* do not advance %eip */

                if ( sign > 0 )
                    count = (PAGE_SIZE - (addr & ~PAGE_MASK)) / size;
                else
                    count = (addr & ~PAGE_MASK) / size + 1;
            }

            ASSERT(count);

            send_mmio_req(IOREQ_TYPE_COPY, gpa, count, size,
                          paddr, dir, df, 1);
        }
        break;
    }

    case INSTR_MOVZX:
    case INSTR_MOVSX:
        mmio_operands(IOREQ_TYPE_COPY, gpa, mmio_op, op_size);
        break;

    case INSTR_STOS:
        /*
         * Since the destination is always in (contiguous) mmio space we don't
         * need to break it up into pages.
         */
        send_mmio_req(IOREQ_TYPE_COPY, gpa,
                      GET_REPEAT_COUNT(), op_size, regs->eax, IOREQ_WRITE, df, 0);
        break;

    case INSTR_LODS:
        /*
         * Since the source is always in (contiguous) mmio space we don't
         * need to break it up into pages.
         */
        mmio_op->operand[0] = mk_operand(op_size, 0, 0, REGISTER);
        send_mmio_req(IOREQ_TYPE_COPY, gpa,
                      GET_REPEAT_COUNT(), op_size, 0, IOREQ_READ, df, 0);
        break;

    case INSTR_OR:
        mmio_operands(IOREQ_TYPE_OR, gpa, mmio_op, op_size);
        break;

    case INSTR_AND:
        mmio_operands(IOREQ_TYPE_AND, gpa, mmio_op, op_size);
        break;

    case INSTR_ADD:
        mmio_operands(IOREQ_TYPE_ADD, gpa, mmio_op, op_size);
        break;

    case INSTR_XOR:
        mmio_operands(IOREQ_TYPE_XOR, gpa, mmio_op, op_size);
        break;

    case INSTR_PUSH:
        if ( ad_size == WORD )
        {
            mmio_op->addr = (uint16_t)(regs->esp - op_size);
            regs->esp = mmio_op->addr | (regs->esp & ~0xffff);
        }
        else
        {
            regs->esp -= op_size;
            mmio_op->addr = regs->esp;
        }
        /* send the request and wait for the value */
        send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, op_size, 0, IOREQ_READ, df, 0);
        break;

    case INSTR_CMP:        /* Pass through */
    case INSTR_TEST:
    case INSTR_SUB:
        /* send the request and wait for the value */
        send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, op_size, 0, IOREQ_READ, df, 0);
        break;

    case INSTR_BT:
    {
        unsigned long value = 0;
        int index, size;

        if ( mmio_op->operand[0] & REGISTER )
        {
            index = operand_index(mmio_op->operand[0]);
            size = operand_size(mmio_op->operand[0]);
            value = get_reg_value(size, index, 0, regs);
        }
        else if ( mmio_op->operand[0] & IMMEDIATE )
            value = mmio_op->immediate;

        send_mmio_req(IOREQ_TYPE_COPY, gpa + (value >> 5), 1,
                      op_size, 0, IOREQ_READ, df, 0);
        break;
    }

    case INSTR_XCHG:
        if ( mmio_op->operand[0] & REGISTER ) {
            long value;
            unsigned long operand = mmio_op->operand[0];
            value = get_reg_value(operand_size(operand),
                                  operand_index(operand), 0,
                                  regs);
            /* send the request and wait for the value */
            send_mmio_req(IOREQ_TYPE_XCHG, gpa, 1,
                          op_size, value, IOREQ_WRITE, df, 0);
        } else {
            /* the destination is a register */
            long value;
            unsigned long operand = mmio_op->operand[1];
            value = get_reg_value(operand_size(operand),
                                  operand_index(operand), 0,
                                  regs);
            /* send the request and wait for the value */
            send_mmio_req(IOREQ_TYPE_XCHG, gpa, 1,
                          op_size, value, IOREQ_WRITE, df, 0);
        }
        break;

    default:
        printk("Unhandled MMIO instruction\n");
        domain_crash_synchronous();
    }
}

DEFINE_PER_CPU(int, guest_handles_in_xen_space);

/* Note that copy_{to,from}_user_hvm don't set the A and D bits on
   PTEs, and require the PTE to be writable even when they're only
   trying to read from it.  The guest is expected to deal with
   this. */

unsigned long copy_to_user_hvm(void *to, const void *from, unsigned len)
{
    if ( this_cpu(guest_handles_in_xen_space) )
    {
        memcpy(to, from, len);
        return 0;
    }

    return hvm_copy_to_guest_virt((unsigned long)to, (void *)from, len);
}

unsigned long copy_from_user_hvm(void *to, const void *from, unsigned len)
{
    if ( this_cpu(guest_handles_in_xen_space) )
    {
        memcpy(to, from, len);
        return 0;
    }

    return hvm_copy_from_guest_virt(to, (unsigned long)from, len);
}

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */