* [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11
@ 2024-06-17 8:13 Paolo Bonzini
2024-06-17 8:13 ` [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder Paolo Bonzini
2024-06-17 21:22 ` [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Richard Henderson
0 siblings, 2 replies; 4+ messages in thread
From: Paolo Bonzini @ 2024-06-17 8:13 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 80e8f0602168f451a93e71cbb1d59e93d745e62e:
Merge tag 'bsd-user-misc-2024q2-pull-request' of gitlab.com:bsdimp/qemu into staging (2024-06-09 11:21:55 -0700)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for-upstream
for you to fetch changes up to 109238a8d97cd8e85ca614109724a0b1222b21f5:
target/i386: SEV: do not assume machine->cgs is SEV (2024-06-17 09:47:39 +0200)
----------------------------------------------------------------
* i386: fix issue with cache topology passthrough
* scsi-disk: migrate emulated requests
* i386/sev: fix Coverity issues
* i386/tcg: more conversions to new decoder
----------------------------------------------------------------
v1->v2: fixed MOV from/to CR and DR in 64-bit modes (does not need REX.W)
Chuang Xu (1):
i386/cpu: fixup number of addressable IDs for processor cores in the physical package
Hyman Huang (1):
scsi-disk: Fix crash for VM configured with USB CDROM after live migration
Pankaj Gupta (3):
i386/sev: fix unreachable code coverity issue
i386/sev: Move SEV_COMMON null check before dereferencing
i386/sev: Return when sev_common is null
Paolo Bonzini (20):
target/i386: remove CPUX86State argument from generator functions
target/i386: rewrite flags writeback for ADCX/ADOX
target/i386: put BLS* input in T1, use generic flag writeback
target/i386: change X86_ENTRYr to use T0
target/i386: change X86_ENTRYwr to use T0, use it for moves
target/i386: replace NoSeg special with NoLoadEA
target/i386: fix processing of intercept 0 (read CR0)
target/i386: convert MOV from/to CR and DR to new decoder
target/i386: replace read_crN helper with read_cr8
target/i386: fix bad sorting of entries in the 0F table
target/i386: finish converting 0F AE to the new decoder
target/i386: split X86_CHECK_prot into PE and VM86 checks
target/i386: convert non-grouped, helper-based 2-byte opcodes
target/i386: pull load/writeback out of gen_shiftd_rm_T1
target/i386: adapt gen_shift_count for SHLD/SHRD
target/i386: convert SHLD/SHRD to new decoder
target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder
target/i386: convert XADD to new decoder
target/i386: convert CMPXCHG to new decoder
target/i386: SEV: do not assume machine->cgs is SEV
target/i386/cpu.h | 9 +-
target/i386/helper.h | 2 +-
target/i386/tcg/decode-new.h | 32 +-
hw/core/machine.c | 1 +
hw/scsi/scsi-disk.c | 24 +-
target/i386/cpu.c | 6 +-
target/i386/sev.c | 11 +-
target/i386/tcg/seg_helper.c | 16 +-
target/i386/tcg/sysemu/misc_helper.c | 20 +-
target/i386/tcg/translate.c | 716 +--------------------
target/i386/tcg/decode-new.c.inc | 389 ++++++++----
target/i386/tcg/emit.c.inc | 1166 +++++++++++++++++++++++-----------
12 files changed, 1173 insertions(+), 1219 deletions(-)
--
2.45.2
^ permalink raw reply [flat|nested] 4+ messages in thread* [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder 2024-06-17 8:13 [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Paolo Bonzini @ 2024-06-17 8:13 ` Paolo Bonzini 2024-06-17 21:22 ` [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Richard Henderson 1 sibling, 0 replies; 4+ messages in thread From: Paolo Bonzini @ 2024-06-17 8:13 UTC (permalink / raw) To: qemu-devel Complete implementation of C and D operand types, then the operations are just MOVs. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- target/i386/tcg/decode-new.h | 1 + target/i386/tcg/translate.c | 79 -------------------------------- target/i386/tcg/decode-new.c.inc | 61 ++++++++++++++++++++++-- target/i386/tcg/emit.c.inc | 24 +++++++++- 4 files changed, 81 insertions(+), 84 deletions(-) diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h index 8465717ea21..60a191ee763 100644 --- a/target/i386/tcg/decode-new.h +++ b/target/i386/tcg/decode-new.h @@ -90,6 +90,7 @@ typedef enum X86OpSize { X86_SIZE_w, /* 16-bit */ X86_SIZE_x, /* 128/256-bit, based on operand size */ X86_SIZE_y, /* 32/64-bit, based on operand size */ + X86_SIZE_y_d64, /* 32/64-bit, based on 64-bit mode */ X86_SIZE_z, /* 16-bit for 16-bit operand size, else 32-bit */ X86_SIZE_z_f64, /* 32-bit for 32-bit operand size or 64-bit mode, else 16-bit */ diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index fcba9c155f9..4958f4c45d5 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -247,9 +247,6 @@ STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(rdmsr, TCGv_env env) -STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) -STUB_HELPER(get_dr, TCGv ret, TCGv_env env, TCGv_i32 reg) -STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) @@ -4192,82 +4189,6 @@ static void disas_insn_old(DisasContext *s, CPUState *cpu, int b) gen_nop_modrm(env, s, modrm); break; - case 0x120: /* mov reg, crN */ - case 0x122: /* mov crN, reg */ - if (!check_cpl0(s)) { - break; - } - modrm = x86_ldub_code(env, s); - /* - * Ignore the mod bits (assume (modrm&0xc0)==0xc0). - * AMD documentation (24594.pdf) and testing of Intel 386 and 486 - * processors all show that the mod bits are assumed to be 1's, - * regardless of actual values. - */ - rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | REX_R(s); - switch (reg) { - case 0: - if ((prefixes & PREFIX_LOCK) && - (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { - reg = 8; - } - break; - case 2: - case 3: - case 4: - case 8: - break; - default: - goto unknown_op; - } - ot = (CODE64(s) ? MO_64 : MO_32); - - translator_io_start(&s->base); - if (b & 2) { - gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); - gen_op_mov_v_reg(s, ot, s->T0, rm); - gen_helper_write_crN(tcg_env, tcg_constant_i32(reg), s->T0); - s->base.is_jmp = DISAS_EOB_NEXT; - } else { - gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); - gen_helper_read_crN(s->T0, tcg_env, tcg_constant_i32(reg)); - gen_op_mov_reg_v(s, ot, rm, s->T0); - } - break; - - case 0x121: /* mov reg, drN */ - case 0x123: /* mov drN, reg */ - if (check_cpl0(s)) { - modrm = x86_ldub_code(env, s); - /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). - * AMD documentation (24594.pdf) and testing of - * intel 386 and 486 processors all show that the mod bits - * are assumed to be 1's, regardless of actual values. - */ - rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | REX_R(s); - if (CODE64(s)) - ot = MO_64; - else - ot = MO_32; - if (reg >= 8) { - goto illegal_op; - } - if (b & 2) { - gen_svm_check_intercept(s, SVM_EXIT_WRITE_DR0 + reg); - gen_op_mov_v_reg(s, ot, s->T0, rm); - tcg_gen_movi_i32(s->tmp2_i32, reg); - gen_helper_set_dr(tcg_env, s->tmp2_i32, s->T0); - s->base.is_jmp = DISAS_EOB_NEXT; - } else { - gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); - tcg_gen_movi_i32(s->tmp2_i32, reg); - gen_helper_get_dr(s->T0, tcg_env, s->tmp2_i32); - gen_op_mov_reg_v(s, ot, rm, s->T0); - } - } - break; case 0x106: /* clts */ if (check_cpl0(s)) { gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index cd925fe3589..0f31e1f455d 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -151,6 +151,8 @@ X86_OP_GROUP3(op, op0, s0, 2op, s0, op1, s1, ## __VA_ARGS__) #define X86_OP_GROUPw(op, op0, s0, ...) \ X86_OP_GROUP3(op, op0, s0, None, None, None, None, ## __VA_ARGS__) +#define X86_OP_GROUPwr(op, op0, s0, op1, s1, ...) \ + X86_OP_GROUP3(op, op0, s0, op1, s1, None, None, ## __VA_ARGS__) #define X86_OP_GROUP0(op, ...) \ X86_OP_GROUP3(op, None, None, None, None, None, None, ## __VA_ARGS__) @@ -985,6 +987,24 @@ static void decode_0FE6(DisasContext *s, CPUX86State *env, X86OpEntry *entry, ui *entry = *decode_by_prefix(s, opcodes_0FE6); } +/* + * These ignore the mod bits (assume (modrm&0xc0)==0xc0), so group the + * pre-decode tweak here for all MOVs from/to CR and DR. + * + * AMD documentation (24594.pdf) and testing of Intel 386 and 486 + * processors all show that the mod bits are assumed to be 1's, + * regardless of actual values. + */ +static void decode_MOV_CR_DR(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b) +{ + /* + */ + get_modrm(s, env); + s->modrm |= 0xC0; + + entry->gen = gen_MOV; +} + static const X86OpEntry opcodes_0F[256] = { [0x0E] = X86_OP_ENTRY0(EMMS, cpuid(3DNOW)), /* femms */ /* @@ -1004,6 +1024,15 @@ static const X86OpEntry opcodes_0F[256] = { /* Incorrectly listed as Mq,Vq in the manual */ [0x17] = X86_OP_ENTRY3(VMOVHPx_st, M,q, None,None, V,dq, vex5 p_00_66), + /* + * Incorrectly listed as using "d" operand type in the manual. In reality + * there's no 16-bit version (like y) and it does not use REX.W (like d64). + */ + [0x20] = X86_OP_GROUPwr(MOV_CR_DR, R,y_d64, C,y_d64, chk(cpl0) svm(READ_CR0)), + [0x21] = X86_OP_GROUPwr(MOV_CR_DR, R,y_d64, D,y_d64, chk(cpl0) svm(READ_DR0)), + [0x22] = X86_OP_GROUPwr(MOV_CR_DR, C,y_d64, R,y_d64, zextT0 chk(cpl0) svm(WRITE_CR0)), + [0x23] = X86_OP_GROUPwr(MOV_CR_DR, D,y_d64, R,y_d64, zextT0 chk(cpl0) svm(WRITE_DR0)), + [0x40] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), [0x41] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), [0x42] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), @@ -1725,6 +1754,10 @@ static bool decode_op_size(DisasContext *s, X86OpEntry *e, X86OpSize size, MemOp *ot = s->dflag == MO_16 ? MO_32 : s->dflag; return true; + case X86_SIZE_y_d64: /* Full (not 16-bit) register access */ + *ot = CODE64(s) ? MO_64 : MO_32; + return true; + case X86_SIZE_z: /* 16-bit for 16-bit operand size, else 32-bit */ *ot = s->dflag == MO_16 ? MO_16 : MO_32; return true; @@ -1802,11 +1835,34 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode, case X86_TYPE_C: /* REG in the modrm byte selects a control register */ op->unit = X86_OP_CR; - goto get_reg; + op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); + if (op->n == 0 && (s->prefix & PREFIX_LOCK) && + (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { + op->n = 8; + s->prefix &= ~PREFIX_LOCK; + } + if (op->n != 0 && op->n != 2 && op->n != 3 && op->n != 4 && op->n != 8) { + return false; + } + if (decode->e.intercept) { + decode->e.intercept += op->n; + } + break; case X86_TYPE_D: /* REG in the modrm byte selects a debug register */ op->unit = X86_OP_DR; - goto get_reg; + op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); + if (op->n >= 8) { + /* + * illegal opcode. The DR4 and DR5 case is checked in the generated + * code instead, to save on hflags bits. + */ + return false; + } + if (decode->e.intercept) { + decode->e.intercept += op->n; + } + break; case X86_TYPE_G: /* REG in the modrm byte selects a GPR */ op->unit = X86_OP_INT; @@ -2431,7 +2487,6 @@ static void disas_insn(DisasContext *s, CPUState *cpu) case 0x00 ... 0x03: /* mostly privileged instructions */ case 0x05 ... 0x09: case 0x1a ... 0x1b: /* MPX */ - case 0x20 ... 0x23: /* mov from/to CR and DR */ case 0x30 ... 0x35: /* more privileged instructions */ case 0xa2 ... 0xa5: /* CPUID, BT, SHLD */ case 0xaa ... 0xae: /* RSM, SHRD, grp15 */ diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc index e6521632edd..db56bf7aee1 100644 --- a/target/i386/tcg/emit.c.inc +++ b/target/i386/tcg/emit.c.inc @@ -242,12 +242,20 @@ static void gen_load(DisasContext *s, X86DecodedInsn *decode, int opn, TCGv v) tcg_gen_ld32u_tl(v, tcg_env, offsetof(CPUX86State,segs[op->n].selector)); break; +#ifndef CONFIG_USER_ONLY case X86_OP_CR: - tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, cr[op->n])); + if (op->n == 8) { + translator_io_start(&s->base); + gen_helper_read_crN(v, tcg_env, tcg_constant_i32(op->n)); + } else { + tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, cr[op->n])); + } break; case X86_OP_DR: - tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, dr[op->n])); + /* CR4.DE tested in the helper. */ + gen_helper_get_dr(v, tcg_env, tcg_constant_i32(op->n)); break; +#endif case X86_OP_INT: if (op->has_ea) { if (v == s->T0 && decode->e.special == X86_SPECIAL_SExtT0) { @@ -343,8 +351,20 @@ static void gen_writeback(DisasContext *s, X86DecodedInsn *decode, int opn, TCGv 16, 16, 0); } break; +#ifndef CONFIG_USER_ONLY case X86_OP_CR: + if (op->n == 8) { + translator_io_start(&s->base); + } + gen_helper_write_crN(tcg_env, tcg_constant_i32(op->n), v); + s->base.is_jmp = DISAS_EOB_NEXT; + break; case X86_OP_DR: + /* CR4.DE tested in the helper. */ + gen_helper_set_dr(tcg_env, tcg_constant_i32(op->n), v); + s->base.is_jmp = DISAS_EOB_NEXT; + break; +#endif default: g_assert_not_reached(); } -- 2.45.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 2024-06-17 8:13 [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Paolo Bonzini 2024-06-17 8:13 ` [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder Paolo Bonzini @ 2024-06-17 21:22 ` Richard Henderson 1 sibling, 0 replies; 4+ messages in thread From: Richard Henderson @ 2024-06-17 21:22 UTC (permalink / raw) To: Paolo Bonzini, qemu-devel On 6/17/24 01:13, Paolo Bonzini wrote: > The following changes since commit 80e8f0602168f451a93e71cbb1d59e93d745e62e: > > Merge tag 'bsd-user-misc-2024q2-pull-request' of gitlab.com:bsdimp/qemu into staging (2024-06-09 11:21:55 -0700) > > are available in the Git repository at: > > https://gitlab.com/bonzini/qemu.git tags/for-upstream > > for you to fetch changes up to 109238a8d97cd8e85ca614109724a0b1222b21f5: > > target/i386: SEV: do not assume machine->cgs is SEV (2024-06-17 09:47:39 +0200) > > ---------------------------------------------------------------- > * i386: fix issue with cache topology passthrough > * scsi-disk: migrate emulated requests > * i386/sev: fix Coverity issues > * i386/tcg: more conversions to new decoder > > ---------------------------------------------------------------- > > v1->v2: fixed MOV from/to CR and DR in 64-bit modes (does not need REX.W) Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate. r~ ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PULL 00/25] target/i386, SCSI changes for 2024-06-11
@ 2024-06-11 14:24 Paolo Bonzini
2024-06-11 14:25 ` [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder Paolo Bonzini
0 siblings, 1 reply; 4+ messages in thread
From: Paolo Bonzini @ 2024-06-11 14:24 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 80e8f0602168f451a93e71cbb1d59e93d745e62e:
Merge tag 'bsd-user-misc-2024q2-pull-request' of gitlab.com:bsdimp/qemu into staging (2024-06-09 11:21:55 -0700)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for-upstream
for you to fetch changes up to 58ab5e809ad66a02b6fa273ba11ed35b8b2fea60:
target/i386: SEV: do not assume machine->cgs is SEV (2024-06-11 14:29:23 +0200)
----------------------------------------------------------------
* i386: fix issue with cache topology passthrough
* scsi-disk: migrate emulated requests
* i386/sev: fix Coverity issues
* i386/tcg: more conversions to new decoder
----------------------------------------------------------------
Chuang Xu (1):
i386/cpu: fixup number of addressable IDs for processor cores in the physical package
Hyman Huang (1):
scsi-disk: Fix crash for VM configured with USB CDROM after live migration
Pankaj Gupta (3):
i386/sev: fix unreachable code coverity issue
i386/sev: Move SEV_COMMON null check before dereferencing
i386/sev: Return when sev_common is null
Paolo Bonzini (20):
target/i386: remove CPUX86State argument from generator functions
target/i386: rewrite flags writeback for ADCX/ADOX
target/i386: put BLS* input in T1, use generic flag writeback
target/i386: change X86_ENTRYr to use T0
target/i386: change X86_ENTRYwr to use T0, use it for moves
target/i386: replace NoSeg special with NoLoadEA
target/i386: fix processing of intercept 0 (read CR0)
target/i386: convert MOV from/to CR and DR to new decoder
target/i386: fix bad sorting of entries in the 0F table
target/i386: finish converting 0F AE to the new decoder
target/i386: replace read_crN helper with read_cr8
target/i386: split X86_CHECK_prot into PE and VM86 checks
target/i386: convert non-grouped, helper-based 2-byte opcodes
target/i386: pull load/writeback out of gen_shiftd_rm_T1
target/i386: adapt gen_shift_count for SHLD/SHRD
target/i386: convert SHLD/SHRD to new decoder
target/i386: convert LZCNT/TZCNT/BSF/BSR/POPCNT to new decoder
target/i386: convert XADD to new decoder
target/i386: convert CMPXCHG to new decoder
target/i386: SEV: do not assume machine->cgs is SEV
target/i386/cpu.h | 9 +-
target/i386/helper.h | 2 +-
target/i386/tcg/decode-new.h | 31 +-
hw/core/machine.c | 1 +
hw/scsi/scsi-disk.c | 24 +-
target/i386/cpu.c | 6 +-
target/i386/sev.c | 11 +-
target/i386/tcg/seg_helper.c | 16 +-
target/i386/tcg/sysemu/misc_helper.c | 20 +-
target/i386/tcg/translate.c | 716 +--------------------
target/i386/tcg/decode-new.c.inc | 381 +++++++----
target/i386/tcg/emit.c.inc | 1162 +++++++++++++++++++++++-----------
12 files changed, 1160 insertions(+), 1219 deletions(-)
--
2.45.1
^ permalink raw reply [flat|nested] 4+ messages in thread* [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder 2024-06-11 14:24 [PULL " Paolo Bonzini @ 2024-06-11 14:25 ` Paolo Bonzini 0 siblings, 0 replies; 4+ messages in thread From: Paolo Bonzini @ 2024-06-11 14:25 UTC (permalink / raw) To: qemu-devel; +Cc: Richard Henderson Complete implementation of C and D operand types, then the operations are just MOVs. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- target/i386/tcg/translate.c | 79 -------------------------------- target/i386/tcg/decode-new.c.inc | 53 +++++++++++++++++++-- target/i386/tcg/emit.c.inc | 20 +++++++- 3 files changed, 68 insertions(+), 84 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index fcba9c155f9..4958f4c45d5 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -247,9 +247,6 @@ STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(rdmsr, TCGv_env env) -STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) -STUB_HELPER(get_dr, TCGv ret, TCGv_env env, TCGv_i32 reg) -STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) @@ -4192,82 +4189,6 @@ static void disas_insn_old(DisasContext *s, CPUState *cpu, int b) gen_nop_modrm(env, s, modrm); break; - case 0x120: /* mov reg, crN */ - case 0x122: /* mov crN, reg */ - if (!check_cpl0(s)) { - break; - } - modrm = x86_ldub_code(env, s); - /* - * Ignore the mod bits (assume (modrm&0xc0)==0xc0). - * AMD documentation (24594.pdf) and testing of Intel 386 and 486 - * processors all show that the mod bits are assumed to be 1's, - * regardless of actual values. - */ - rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | REX_R(s); - switch (reg) { - case 0: - if ((prefixes & PREFIX_LOCK) && - (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { - reg = 8; - } - break; - case 2: - case 3: - case 4: - case 8: - break; - default: - goto unknown_op; - } - ot = (CODE64(s) ? MO_64 : MO_32); - - translator_io_start(&s->base); - if (b & 2) { - gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); - gen_op_mov_v_reg(s, ot, s->T0, rm); - gen_helper_write_crN(tcg_env, tcg_constant_i32(reg), s->T0); - s->base.is_jmp = DISAS_EOB_NEXT; - } else { - gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); - gen_helper_read_crN(s->T0, tcg_env, tcg_constant_i32(reg)); - gen_op_mov_reg_v(s, ot, rm, s->T0); - } - break; - - case 0x121: /* mov reg, drN */ - case 0x123: /* mov drN, reg */ - if (check_cpl0(s)) { - modrm = x86_ldub_code(env, s); - /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). - * AMD documentation (24594.pdf) and testing of - * intel 386 and 486 processors all show that the mod bits - * are assumed to be 1's, regardless of actual values. - */ - rm = (modrm & 7) | REX_B(s); - reg = ((modrm >> 3) & 7) | REX_R(s); - if (CODE64(s)) - ot = MO_64; - else - ot = MO_32; - if (reg >= 8) { - goto illegal_op; - } - if (b & 2) { - gen_svm_check_intercept(s, SVM_EXIT_WRITE_DR0 + reg); - gen_op_mov_v_reg(s, ot, s->T0, rm); - tcg_gen_movi_i32(s->tmp2_i32, reg); - gen_helper_set_dr(tcg_env, s->tmp2_i32, s->T0); - s->base.is_jmp = DISAS_EOB_NEXT; - } else { - gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); - tcg_gen_movi_i32(s->tmp2_i32, reg); - gen_helper_get_dr(s->T0, tcg_env, s->tmp2_i32); - gen_op_mov_reg_v(s, ot, rm, s->T0); - } - } - break; case 0x106: /* clts */ if (check_cpl0(s)) { gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index cd925fe3589..4c567911f41 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -151,6 +151,8 @@ X86_OP_GROUP3(op, op0, s0, 2op, s0, op1, s1, ## __VA_ARGS__) #define X86_OP_GROUPw(op, op0, s0, ...) \ X86_OP_GROUP3(op, op0, s0, None, None, None, None, ## __VA_ARGS__) +#define X86_OP_GROUPwr(op, op0, s0, op1, s1, ...) \ + X86_OP_GROUP3(op, op0, s0, op1, s1, None, None, ## __VA_ARGS__) #define X86_OP_GROUP0(op, ...) \ X86_OP_GROUP3(op, None, None, None, None, None, None, ## __VA_ARGS__) @@ -985,6 +987,24 @@ static void decode_0FE6(DisasContext *s, CPUX86State *env, X86OpEntry *entry, ui *entry = *decode_by_prefix(s, opcodes_0FE6); } +/* These are a bit weird, so group all the pre-decode tweaks here. */ +static void decode_MOV_CR_DR(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b) +{ + /* No 16-bit mode. */ + s->dflag = MO_32; + + /* + * Ignore the mod bits (assume (modrm&0xc0)==0xc0). + * AMD documentation (24594.pdf) and testing of Intel 386 and 486 + * processors all show that the mod bits are assumed to be 1's, + * regardless of actual values. + */ + get_modrm(s, env); + s->modrm |= 0xC0; + + entry->gen = gen_MOV; +} + static const X86OpEntry opcodes_0F[256] = { [0x0E] = X86_OP_ENTRY0(EMMS, cpuid(3DNOW)), /* femms */ /* @@ -1004,6 +1024,11 @@ static const X86OpEntry opcodes_0F[256] = { /* Incorrectly listed as Mq,Vq in the manual */ [0x17] = X86_OP_ENTRY3(VMOVHPx_st, M,q, None,None, V,dq, vex5 p_00_66), + [0x20] = X86_OP_GROUPwr(MOV_CR_DR, R,y, C,y, chk(cpl0) svm(READ_CR0)), + [0x21] = X86_OP_GROUPwr(MOV_CR_DR, R,y, D,y, chk(cpl0) svm(READ_DR0)), + [0x22] = X86_OP_GROUPwr(MOV_CR_DR, C,y, R,y, zextT0 chk(cpl0) svm(WRITE_CR0)), + [0x23] = X86_OP_GROUPwr(MOV_CR_DR, D,y, R,y, zextT0 chk(cpl0) svm(WRITE_DR0)), + [0x40] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), [0x41] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), [0x42] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)), @@ -1802,11 +1827,34 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode, case X86_TYPE_C: /* REG in the modrm byte selects a control register */ op->unit = X86_OP_CR; - goto get_reg; + op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); + if (op->n == 0 && (s->prefix & PREFIX_LOCK) && + (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { + op->n = 8; + s->prefix &= ~PREFIX_LOCK; + } + if (op->n != 0 && op->n != 2 && op->n != 3 && op->n != 4 && op->n != 8) { + return false; + } + if (decode->e.intercept) { + decode->e.intercept += op->n; + } + break; case X86_TYPE_D: /* REG in the modrm byte selects a debug register */ op->unit = X86_OP_DR; - goto get_reg; + op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s); + if (op->n >= 8) { + /* + * illegal opcode. The DR4 and DR5 case is checked in the generated + * code instead, to save on hflags bits. + */ + return false; + } + if (decode->e.intercept) { + decode->e.intercept += op->n; + } + break; case X86_TYPE_G: /* REG in the modrm byte selects a GPR */ op->unit = X86_OP_INT; @@ -2431,7 +2479,6 @@ static void disas_insn(DisasContext *s, CPUState *cpu) case 0x00 ... 0x03: /* mostly privileged instructions */ case 0x05 ... 0x09: case 0x1a ... 0x1b: /* MPX */ - case 0x20 ... 0x23: /* mov from/to CR and DR */ case 0x30 ... 0x35: /* more privileged instructions */ case 0xa2 ... 0xa5: /* CPUID, BT, SHLD */ case 0xaa ... 0xae: /* RSM, SHRD, grp15 */ diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc index e6521632edd..bcb6bccbd75 100644 --- a/target/i386/tcg/emit.c.inc +++ b/target/i386/tcg/emit.c.inc @@ -242,12 +242,19 @@ static void gen_load(DisasContext *s, X86DecodedInsn *decode, int opn, TCGv v) tcg_gen_ld32u_tl(v, tcg_env, offsetof(CPUX86State,segs[op->n].selector)); break; +#ifndef CONFIG_USER_ONLY case X86_OP_CR: - tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, cr[op->n])); + if (op->n == 8) { + gen_helper_read_crN(v, tcg_env, tcg_constant_i32(op->n)); + } else { + tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, cr[op->n])); + } break; case X86_OP_DR: - tcg_gen_ld_tl(v, tcg_env, offsetof(CPUX86State, dr[op->n])); + /* CR4.DE tested in the helper. */ + gen_helper_get_dr(v, tcg_env, tcg_constant_i32(op->n)); break; +#endif case X86_OP_INT: if (op->has_ea) { if (v == s->T0 && decode->e.special == X86_SPECIAL_SExtT0) { @@ -343,8 +350,17 @@ static void gen_writeback(DisasContext *s, X86DecodedInsn *decode, int opn, TCGv 16, 16, 0); } break; +#ifndef CONFIG_USER_ONLY case X86_OP_CR: + gen_helper_write_crN(tcg_env, tcg_constant_i32(op->n), v); + s->base.is_jmp = DISAS_EOB_NEXT; + break; case X86_OP_DR: + /* CR4.DE tested in the helper. */ + gen_helper_set_dr(tcg_env, tcg_constant_i32(op->n), v); + s->base.is_jmp = DISAS_EOB_NEXT; + break; +#endif default: g_assert_not_reached(); } -- 2.45.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-06-17 21:22 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-06-17 8:13 [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Paolo Bonzini 2024-06-17 8:13 ` [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder Paolo Bonzini 2024-06-17 21:22 ` [PULL v2 00/25] target/i386, SCSI changes for 2024-06-11 Richard Henderson -- strict thread matches above, loose matches on Subject: below -- 2024-06-11 14:24 [PULL " Paolo Bonzini 2024-06-11 14:25 ` [PULL 13/25] target/i386: convert MOV from/to CR and DR to new decoder Paolo Bonzini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).