OpenCores
URL https://opencores.org/ocsvn/ao486/ao486/trunk

Subversion Repositories ao486

[/] [ao486/] [trunk/] [bochs486/] [cpu/] [tasking.cc] - Blame information for rev 3

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 2 alfik 
/////////////////////////////////////////////////////////////////////////
2 
// $Id: tasking.cc 11654 2013-03-15 08:26:22Z sshwarts $
3 
/////////////////////////////////////////////////////////////////////////
4 
//
5 
//  Copyright (C) 2001-2012  The Bochs Project
6 
//
7 
//  This library is free software; you can redistribute it and/or
8 
//  modify it under the terms of the GNU Lesser General Public
9 
//  License as published by the Free Software Foundation; either
10 
//  version 2 of the License, or (at your option) any later version.
11 
//
12 
//  This library is distributed in the hope that it will be useful,
13 
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15 
//  Lesser General Public License for more details.
16 
//
17 
//  You should have received a copy of the GNU Lesser General Public
18 
//  License along with this library; if not, write to the Free Software
19 
//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA B 02110-1301 USA
20 
/////////////////////////////////////////////////////////////////////////
21 
 
22 
#define NEED_CPU_REG_SHORTCUTS 1
23 
#include "bochs.h"
24 
#include "cpu.h"
25 
#define LOG_THIS BX_CPU_THIS_PTR
26 
 
27 
// Notes:
28 
// ======
29 
 
30 
  // ======================
31 
  // 286 Task State Segment
32 
  // ======================
33 
  // dynamic item                      | hex  dec  offset
34 
  // 0       task LDT selector         | 2a   42
35 
  // 1       DS selector               | 28   40
36 
  // 1       SS selector               | 26   38
37 
  // 1       CS selector               | 24   36
38 
  // 1       ES selector               | 22   34
39 
  // 1       DI                        | 20   32
40 
  // 1       SI                        | 1e   30
41 
  // 1       BP                        | 1c   28
42 
  // 1       SP                        | 1a   26
43 
  // 1       BX                        | 18   24
44 
  // 1       DX                        | 16   22
45 
  // 1       CX                        | 14   20
46 
  // 1       AX                        | 12   18
47 
  // 1       flag word                 | 10   16
48 
  // 1       IP (entry point)          | 0e   14
49 
  // 0       SS for CPL 2              | 0c   12
50 
  // 0       SP for CPL 2              | 0a   10
51 
  // 0       SS for CPL 1              | 08   08
52 
  // 0       SP for CPL 1              | 06   06
53 
  // 0       SS for CPL 0              | 04   04
54 
  // 0       SP for CPL 0              | 02   02
55 
  //         back link selector to TSS | 00   00
56 
 
57 
 
58 
  // ======================
59 
  // 386 Task State Segment
60 
  // ======================
61 
  // |31            16|15                    0| hex dec
62 
  // |I/O Map Base    |000000000000000000000|T| 64  100 static
63 
  // |0000000000000000| LDT                   | 60  96  static
64 
  // |0000000000000000| GS selector           | 5c  92  dynamic
65 
  // |0000000000000000| FS selector           | 58  88  dynamic
66 
  // |0000000000000000| DS selector           | 54  84  dynamic
67 
  // |0000000000000000| SS selector           | 50  80  dynamic
68 
  // |0000000000000000| CS selector           | 4c  76  dynamic
69 
  // |0000000000000000| ES selector           | 48  72  dynamic
70 
  // |                EDI                     | 44  68  dynamic
71 
  // |                ESI                     | 40  64  dynamic
72 
  // |                EBP                     | 3c  60  dynamic
73 
  // |                ESP                     | 38  56  dynamic
74 
  // |                EBX                     | 34  52  dynamic
75 
  // |                EDX                     | 30  48  dynamic
76 
  // |                ECX                     | 2c  44  dynamic
77 
  // |                EAX                     | 28  40  dynamic
78 
  // |                EFLAGS                  | 24  36  dynamic
79 
  // |                EIP (entry point)       | 20  32  dynamic
80 
  // |           CR3 (PDPR)                   | 1c  28  static
81 
  // |000000000000000 | SS for CPL 2          | 18  24  static
82 
  // |           ESP for CPL 2                | 14  20  static
83 
  // |000000000000000 | SS for CPL 1          | 10  16  static
84 
  // |           ESP for CPL 1                | 0c  12  static
85 
  // |000000000000000 | SS for CPL 0          | 08  08  static
86 
  // |           ESP for CPL 0                | 04  04  static
87 
  // |000000000000000 | back link to prev TSS | 00  00  dynamic (updated only when return expected)
88 
 
89 
 
90 
  // ==================================================
91 
  // Effect of task switch on Busy, NT, and Link Fields
92 
  // ==================================================
93 
 
94 
  // Field         jump        call/interrupt     iret
95 
  // ------------------------------------------------------
96 
  // new busy bit  Set         Set                No change
97 
  // old busy bit  Cleared     No change          Cleared
98 
  // new NT flag   No change   Set                No change
99 
  // old NT flag   No change   No change          Cleared
100 
  // new link      No change   old TSS selector   No change
101 
  // old link      No change   No change          No change
102 
  // CR0.TS        Set         Set                Set
103 
 
104 
  // Note: I checked 386, 486, and Pentium, and they all exhibited
105 
  //       exactly the same behaviour as above.  There seems to
106 
  //       be some misprints in the Intel docs.
107 
 
108 
void BX_CPU_C::task_switch(bxInstruction_c *i, bx_selector_t *tss_selector,
109 
                 bx_descriptor_t *tss_descriptor, unsigned source,
110 
                 Bit32u dword1, Bit32u dword2, bx_bool push_error, Bit32u error_code)
111 
{
112 
  Bit32u obase32; // base address of old TSS
113 
  Bit32u nbase32; // base address of new TSS
114 
  Bit32u temp32, newCR3;
115 
  Bit16u raw_cs_selector, raw_ss_selector, raw_ds_selector, raw_es_selector,
116 
         raw_fs_selector, raw_gs_selector, raw_ldt_selector;
117 
  Bit16u trap_word;
118 
  bx_selector_t cs_selector, ss_selector, ds_selector, es_selector,
119 
                fs_selector, gs_selector, ldt_selector;
120 
  bx_descriptor_t cs_descriptor, ss_descriptor, ldt_descriptor;
121 
  Bit32u old_TSS_max, new_TSS_max, old_TSS_limit, new_TSS_limit;
122 
  Bit32u newEAX, newECX, newEDX, newEBX;
123 
  Bit32u newESP, newEBP, newESI, newEDI;
124 
  Bit32u newEFLAGS, newEIP;
125 
 
126 
  BX_DEBUG(("TASKING: ENTER"));
127 
 
128 
  invalidate_prefetch_q();
129 
 
130 
  // Discard any traps and inhibits for new context; traps will
131 
  // resume upon return.
132 
  BX_CPU_THIS_PTR debug_trap &= ~BX_DEBUG_SINGLE_STEP_BIT;
133 
  BX_CPU_THIS_PTR inhibit_mask = 0;
134 
 
135 
  // STEP 1: The following checks are made before calling task_switch(),
136 
  //         for JMP & CALL only. These checks are NOT made for exceptions,
137 
  //         interrupts & IRET.
138 
  //
139 
  //   1) TSS DPL must be >= CPL
140 
  //   2) TSS DPL must be >= TSS selector RPL
141 
  //   3) TSS descriptor is not busy.
142 
 
143 
  // STEP 2: The processor performs limit-checking on the target TSS
144 
  //         to verify that the TSS limit is greater than or equal
145 
  //         to 67h (2Bh for 16-bit TSS).
146 
 
147 
  // Gather info about new TSS
148 
  if (tss_descriptor->type <= 3) { // {1,3}
149 
    new_TSS_max = 0x2B;
150 
  }
151 
  else { // tss_descriptor->type = {9,11}
152 
    new_TSS_max = 0x67;
153 
  }
154 
 
155 
  nbase32 = (Bit32u) tss_descriptor->u.segment.base;
156 
  new_TSS_limit = tss_descriptor->u.segment.limit_scaled;
157 
 
158 
  if (new_TSS_limit < new_TSS_max) {
159 
    BX_ERROR(("task_switch(): new TSS limit < %d", new_TSS_max));
160 
    exception(BX_TS_EXCEPTION, tss_selector->value & 0xfffc);
161 
  }
162 
 
163 
#if BX_SUPPORT_SVM
164 
  if (BX_CPU_THIS_PTR in_svm_guest) {
165 
    if (SVM_INTERCEPT(SVM_INTERCEPT0_TASK_SWITCH))
166 
      SvmInterceptTaskSwitch(tss_selector->value, source, push_error, error_code);
167 
  }
168 
#endif
169 
 
170 
#if BX_SUPPORT_VMX
171 
  if (BX_CPU_THIS_PTR in_vmx_guest)
172 
    VMexit_TaskSwitch(tss_selector->value, source);
173 
#endif
174 
 
175 
  // Gather info about old TSS
176 
  if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
177 
    old_TSS_max = 0x29;
178 
  }
179 
  else {
180 
    old_TSS_max = 0x5F;
181 
  }
182 
 
183 
  obase32 = (Bit32u) BX_CPU_THIS_PTR tr.cache.u.segment.base;        // old TSS.base
184 
  old_TSS_limit = BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled;
185 
 
186 
  if (old_TSS_limit < old_TSS_max) {
187 
    BX_ERROR(("task_switch(): old TSS limit < %d", old_TSS_max));
188 
    exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
189 
  }
190 
 
191 
  if (obase32 == nbase32) {
192 
    BX_INFO(("TASK SWITCH: switching to the same TSS !"));
193 
  }
194 
 
195 
  // Check that old TSS, new TSS, and all segment descriptors
196 
  // used in the task switch are paged in.
197 
  if (BX_CPU_THIS_PTR cr0.get_PG())
198 
  {
199 
    translate_linear(BX_TLB_ENTRY_OF(nbase32), nbase32, 0, BX_READ);  // old TSS
200 
    translate_linear(BX_TLB_ENTRY_OF(nbase32 + new_TSS_max), nbase32 + new_TSS_max, 0, BX_READ);
201 
 
202 
    // ??? Humm, we check the new TSS region with READ above,
203 
    // but sometimes we need to write the link field in that
204 
    // region.  We also sometimes update other fields, perhaps
205 
    // we need to WRITE check them here also, so that we keep
206 
    // the written state consistent (ie, we don't encounter a
207 
    // page fault in the middle).
208 
 
209 
    if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT)
210 
    {
211 
      translate_linear(BX_TLB_ENTRY_OF(nbase32),     nbase32,     0, BX_WRITE);
212 
      translate_linear(BX_TLB_ENTRY_OF(nbase32 + 1), nbase32 + 1, 0, BX_WRITE);
213 
    }
214 
  }
215 
 
216 
  // Privilege and busy checks done in CALL, JUMP, INT, IRET
217 
 
218 
  // Step 3: If JMP or IRET, clear busy bit in old task TSS descriptor,
219 
  //         otherwise leave set.
220 
 
221 
  // effect on Busy bit of old task
222 
  if (source == BX_TASK_FROM_JUMP || source == BX_TASK_FROM_IRET) {
223 
    // Bit is cleared
224 
    Bit32u laddr = (Bit32u) BX_CPU_THIS_PTR gdtr.base + (BX_CPU_THIS_PTR tr.selector.index<<3) + 4;
225 
    access_read_linear(laddr, 4, 0, BX_RW, &temp32);
226 
    temp32 &= ~0x200;
227 
    access_write_linear(laddr, 4, 0, &temp32);
228 
  }
229 
 
230 
  // STEP 4: If the task switch was initiated with an IRET instruction,
231 
  //         clears the NT flag in a temporarily saved EFLAGS image;
232 
  //         if initiated with a CALL or JMP instruction, an exception, or
233 
  //         an interrupt, the NT flag is left unchanged.
234 
 
235 
  Bit32u oldEFLAGS = read_eflags();
236 
 
237 
  /* if moving to busy task, clear NT bit */
238 
  if (tss_descriptor->type == BX_SYS_SEGMENT_BUSY_286_TSS ||
239 
      tss_descriptor->type == BX_SYS_SEGMENT_BUSY_386_TSS)
240 
  {
241 
    oldEFLAGS &= ~EFlagsNTMask;
242 
  }
243 
 
244 
  // STEP 5: Save the current task state in the TSS. Up to this point,
245 
  //         any exception that occurs aborts the task switch without
246 
  //         changing the processor state.
247 
 
248 
  /* save current machine state in old task's TSS */
249 
 
250 
  if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
251 
    // check that we won't page fault while writing
252 
    if (BX_CPU_THIS_PTR cr0.get_PG()) {
253 
      Bit32u start = Bit32u(obase32 + 14), end = Bit32u(obase32 + 41);
254 
 
255 
      translate_linear(BX_TLB_ENTRY_OF(start), start, 0, BX_WRITE);
256 
      translate_linear(BX_TLB_ENTRY_OF(end),   end,   0, BX_WRITE);
257 
    }
258 
 
259 
    system_write_word(Bit32u(obase32 + 14), IP);
260 
    system_write_word(Bit32u(obase32 + 16), oldEFLAGS);
261 
    system_write_word(Bit32u(obase32 + 18), AX);
262 
    system_write_word(Bit32u(obase32 + 20), CX);
263 
    system_write_word(Bit32u(obase32 + 22), DX);
264 
    system_write_word(Bit32u(obase32 + 24), BX);
265 
    system_write_word(Bit32u(obase32 + 26), SP);
266 
    system_write_word(Bit32u(obase32 + 28), BP);
267 
    system_write_word(Bit32u(obase32 + 30), SI);
268 
    system_write_word(Bit32u(obase32 + 32), DI);
269 
 
270 
    system_write_word(Bit32u(obase32 + 34),
271 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
272 
    system_write_word(Bit32u(obase32 + 36),
273 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
274 
    system_write_word(Bit32u(obase32 + 38),
275 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value);
276 
    system_write_word(Bit32u(obase32 + 40),
277 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
278 
  }
279 
  else {
280 
    // check that we won't page fault while writing
281 
    if (BX_CPU_THIS_PTR cr0.get_PG()) {
282 
      Bit32u start = Bit32u(obase32 + 0x20), end = Bit32u(obase32 + 0x5d);
283 
 
284 
      translate_linear(BX_TLB_ENTRY_OF(start), start, 0, BX_WRITE);
285 
      translate_linear(BX_TLB_ENTRY_OF(end),   end,   0, BX_WRITE);
286 
    }
287 
 
288 
    system_write_dword(Bit32u(obase32 + 0x20), EIP);
289 
    system_write_dword(Bit32u(obase32 + 0x24), oldEFLAGS);
290 
    system_write_dword(Bit32u(obase32 + 0x28), EAX);
291 
    system_write_dword(Bit32u(obase32 + 0x2c), ECX);
292 
    system_write_dword(Bit32u(obase32 + 0x30), EDX);
293 
    system_write_dword(Bit32u(obase32 + 0x34), EBX);
294 
    system_write_dword(Bit32u(obase32 + 0x38), ESP);
295 
    system_write_dword(Bit32u(obase32 + 0x3c), EBP);
296 
    system_write_dword(Bit32u(obase32 + 0x40), ESI);
297 
    system_write_dword(Bit32u(obase32 + 0x44), EDI);
298 
 
299 
    system_write_word(Bit32u(obase32 + 0x48),
300 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
301 
    system_write_word(Bit32u(obase32 + 0x4c),
302 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
303 
    system_write_word(Bit32u(obase32 + 0x50),
304 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value);
305 
    system_write_word(Bit32u(obase32 + 0x54),
306 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
307 
    system_write_word(Bit32u(obase32 + 0x58),
308 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
309 
    system_write_word(Bit32u(obase32 + 0x5c),
310 
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
311 
  }
312 
 
313 
  // effect on link field of new task
314 
  if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT)
315 
  {
316 
    // set to selector of old task's TSS
317 
    system_write_word(nbase32, BX_CPU_THIS_PTR tr.selector.value);
318 
  }
319 
 
320 
  // STEP 6: The new-task state is loaded from the TSS
321 
 
322 
  if (tss_descriptor->type <= 3) {
323 
    newEIP    = system_read_word(Bit32u(nbase32 + 14));
324 
    newEFLAGS = system_read_word(Bit32u(nbase32 + 16));
325 
 
326 
    // incoming TSS is 16bit:
327 
    //   - upper word of general registers is set to 0xFFFF
328 
    //   - upper word of eflags is zero'd
329 
    //   - FS, GS are zero'd
330 
    //   - upper word of eIP is zero'd
331 
    Bit16u temp16 = system_read_word(Bit32u(nbase32 + 18));
332 
      newEAX = 0xffff0000 | temp16;
333 
    temp16 = system_read_word(Bit32u(nbase32 + 20));
334 
      newECX = 0xffff0000 | temp16;
335 
    temp16 = system_read_word(Bit32u(nbase32 + 22));
336 
      newEDX = 0xffff0000 | temp16;
337 
    temp16 = system_read_word(Bit32u(nbase32 + 24));
338 
      newEBX = 0xffff0000 | temp16;
339 
    temp16 = system_read_word(Bit32u(nbase32 + 26));
340 
      newESP = 0xffff0000 | temp16;
341 
    temp16 = system_read_word(Bit32u(nbase32 + 28));
342 
      newEBP = 0xffff0000 | temp16;
343 
    temp16 = system_read_word(Bit32u(nbase32 + 30));
344 
      newESI = 0xffff0000 | temp16;
345 
    temp16 = system_read_word(Bit32u(nbase32 + 32));
346 
      newEDI = 0xffff0000 | temp16;
347 
 
348 
    raw_es_selector  = system_read_word(Bit32u(nbase32 + 34));
349 
    raw_cs_selector  = system_read_word(Bit32u(nbase32 + 36));
350 
    raw_ss_selector  = system_read_word(Bit32u(nbase32 + 38));
351 
    raw_ds_selector  = system_read_word(Bit32u(nbase32 + 40));
352 
    raw_ldt_selector = system_read_word(Bit32u(nbase32 + 42));
353 
 
354 
    raw_fs_selector = 0; // use a NULL selector
355 
    raw_gs_selector = 0; // use a NULL selector
356 
    // No CR3 change for 286 task switch
357 
    newCR3 = 0;   // keep compiler happy (not used)
358 
    trap_word = 0; // keep compiler happy (not used)
359 
  }
360 
  else {
361 
    if (BX_CPU_THIS_PTR cr0.get_PG())
362 
      newCR3 = system_read_dword(Bit32u(nbase32 + 0x1c));
363 
    else
364 
      newCR3 = 0;   // keep compiler happy (not used)
365 
 
366 
    newEIP    = system_read_dword(Bit32u(nbase32 + 0x20));
367 
    newEFLAGS = system_read_dword(Bit32u(nbase32 + 0x24));
368 
    newEAX    = system_read_dword(Bit32u(nbase32 + 0x28));
369 
    newECX    = system_read_dword(Bit32u(nbase32 + 0x2c));
370 
    newEDX    = system_read_dword(Bit32u(nbase32 + 0x30));
371 
    newEBX    = system_read_dword(Bit32u(nbase32 + 0x34));
372 
    newESP    = system_read_dword(Bit32u(nbase32 + 0x38));
373 
    newEBP    = system_read_dword(Bit32u(nbase32 + 0x3c));
374 
    newESI    = system_read_dword(Bit32u(nbase32 + 0x40));
375 
    newEDI    = system_read_dword(Bit32u(nbase32 + 0x44));
376 
 
377 
    raw_es_selector  = system_read_word(Bit32u(nbase32 + 0x48));
378 
    raw_cs_selector  = system_read_word(Bit32u(nbase32 + 0x4c));
379 
    raw_ss_selector  = system_read_word(Bit32u(nbase32 + 0x50));
380 
    raw_ds_selector  = system_read_word(Bit32u(nbase32 + 0x54));
381 
    raw_fs_selector  = system_read_word(Bit32u(nbase32 + 0x58));
382 
    raw_gs_selector  = system_read_word(Bit32u(nbase32 + 0x5c));
383 
    raw_ldt_selector = system_read_word(Bit32u(nbase32 + 0x60));
384 
    trap_word        = system_read_word(Bit32u(nbase32 + 0x64));
385 
  }
386 
 
387 
  // Step 7: If CALL, interrupt, or JMP, set busy flag in new task's
388 
  //         TSS descriptor.  If IRET, leave set.
389 
 
390 
  if (source != BX_TASK_FROM_IRET)
391 
  {
392 
    // set the new task's busy bit
393 
    Bit32u laddr = (Bit32u)(BX_CPU_THIS_PTR gdtr.base) + (tss_selector->index<<3) + 4;
394 
    access_read_linear(laddr, 4, 0, BX_RW, &dword2);
395 
    dword2 |= 0x200;
396 
    access_write_linear(laddr, 4, 0, &dword2);
397 
  }
398 
 
399 
  //
400 
  // Commit point.  At this point, we commit to the new
401 
  // context.  If an unrecoverable error occurs in further
402 
  // processing, we complete the task switch without performing
403 
  // additional access and segment availablility checks and
404 
  // generate the appropriate exception prior to beginning
405 
  // execution of the new task.
406 
  //
407 
 
408 
  // Step 8: Load the task register with the segment selector and
409 
  //         descriptor for the new task TSS.
410 
 
411 
  BX_CPU_THIS_PTR tr.selector = *tss_selector;
412 
  BX_CPU_THIS_PTR tr.cache    = *tss_descriptor;
413 
  BX_CPU_THIS_PTR tr.cache.type |= 2; // mark TSS in TR as busy
414 
 
415 
  // Step 9: Set TS flag in the CR0 image stored in the new task TSS.
416 
  BX_CPU_THIS_PTR cr0.set_TS(1);
417 
 
418 
  // Task switch clears LE/L3/L2/L1/L0 in DR7
419 
  BX_CPU_THIS_PTR dr7.val32 &= ~0x00000155;
420 
 
421 
  // Step 10: If call or interrupt, set the NT flag in the eflags
422 
  //          image stored in new task's TSS.  If IRET or JMP,
423 
  //          NT is restored from new TSS eflags image. (no change)
424 
 
425 
  // effect on NT flag of new task
426 
  if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT) {
427 
    newEFLAGS |= EFlagsNTMask; // NT flag is set
428 
  }
429 
 
430 
  // Step 11: Load the new task (dynamic) state from new TSS.
431 
  //          Any errors associated with loading and qualification of
432 
  //          segment descriptors in this step occur in the new task's
433 
  //          context.  State loaded here includes LDTR, CR3,
434 
  //          EFLAGS, EIP, general purpose registers, and segment
435 
  //          descriptor parts of the segment registers.
436 
 
437 
  BX_CPU_THIS_PTR prev_rip = EIP = newEIP;
438 
 
439 
  EAX = newEAX;
440 
  ECX = newECX;
441 
  EDX = newEDX;
442 
  EBX = newEBX;
443 
  ESP = newESP;
444 
  EBP = newEBP;
445 
  ESI = newESI;
446 
  EDI = newEDI;
447 
 
448 
  BX_CPU_THIS_PTR speculative_rsp = 0;
449 
 
450 
  writeEFlags(newEFLAGS, EFlagsValidMask);
451 
 
452 
  // Fill in selectors for all segment registers.  If errors
453 
  // occur later, the selectors will at least be loaded.
454 
  parse_selector(raw_cs_selector, &cs_selector);
455 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector = cs_selector;
456 
  parse_selector(raw_ss_selector, &ss_selector);
457 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector = ss_selector;
458 
  parse_selector(raw_ds_selector, &ds_selector);
459 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector = ds_selector;
460 
  parse_selector(raw_es_selector, &es_selector);
461 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector = es_selector;
462 
  parse_selector(raw_fs_selector, &fs_selector);
463 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector = fs_selector;
464 
  parse_selector(raw_gs_selector, &gs_selector);
465 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector = gs_selector;
466 
  parse_selector(raw_ldt_selector, &ldt_selector);
467 
  BX_CPU_THIS_PTR ldtr.selector = ldt_selector;
468 
 
469 
  // Start out with invalid descriptor caches, fill in with
470 
  // values only as they are validated
471 
  BX_CPU_THIS_PTR ldtr.cache.valid = 0;
472 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.valid = 0;
473 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache.valid = 0;
474 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].cache.valid = 0;
475 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
476 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid = 0;
477 
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid = 0;
478 
 
479 
  if ((tss_descriptor->type >= 9) && BX_CPU_THIS_PTR cr0.get_PG()) {
480 
    // change CR3 only if it actually modified
481 
    if (newCR3 != BX_CPU_THIS_PTR cr3) {
482 
      BX_DEBUG(("task_switch changing CR3 to 0x%08x", newCR3));
483 
 
484 
      if (! SetCR3(newCR3)) // Tell paging unit about new cr3 value
485 
        exception(BX_TS_EXCEPTION, 0);
486 
 
487 
#if BX_CPU_LEVEL >= 6
488 
      if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE()) {
489 
        if (! CheckPDPTR(newCR3)) {
490 
          BX_ERROR(("task_switch(exception after commit point): PDPTR check failed !"));
491 
 
492 
          // clear PDPTRs before raising task switch exception
493 
          for (unsigned n=0; n<4; n++)
494 
            BX_CPU_THIS_PTR PDPTR_CACHE.entry[n] = 0;
495 
 
496 
          exception(BX_TS_EXCEPTION, 0);
497 
        }
498 
      }
499 
#endif
500 
 
501 
      BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_TASK_SWITCH, newCR3);
502 
    }
503 
  }
504 
 
505 
  unsigned save_CPL = CPL;
506 
  /* set CPL to 3 to force a privilege level change and stack switch if SS
507 
     is not properly loaded */
508 
  CPL = 3;
509 
 
510 
  // LDTR
511 
  if (ldt_selector.ti) {
512 
    // LDT selector must be in GDT
513 
    BX_INFO(("task_switch(exception after commit point): bad LDT selector TI=1"));
514 
    exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
515 
  }
516 
 
517 
  if ((raw_ldt_selector & 0xfffc) != 0) {
518 
    bx_bool good = fetch_raw_descriptor2(&ldt_selector, &dword1, &dword2);
519 
    if (!good) {
520 
      BX_ERROR(("task_switch(exception after commit point): bad LDT fetch"));
521 
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
522 
    }
523 
 
524 
    parse_descriptor(dword1, dword2, &ldt_descriptor);
525 
 
526 
    // LDT selector of new task is valid, else #TS(new task's LDT)
527 
    if (ldt_descriptor.valid==0 ||
528 
        ldt_descriptor.type!=BX_SYS_SEGMENT_LDT ||
529 
        ldt_descriptor.segment)
530 
    {
531 
      BX_ERROR(("task_switch(exception after commit point): bad LDT segment"));
532 
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
533 
    }
534 
 
535 
    // LDT of new task is present in memory, else #TS(new tasks's LDT)
536 
    if (! IS_PRESENT(ldt_descriptor)) {
537 
      BX_ERROR(("task_switch(exception after commit point): LDT not present"));
538 
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
539 
    }
540 
 
541 
    // All checks pass, fill in LDTR shadow cache
542 
    BX_CPU_THIS_PTR ldtr.cache = ldt_descriptor;
543 
  }
544 
  else {
545 
    // NULL LDT selector is OK, leave cache invalid
546 
  }
547 
 
548 
  if (v8086_mode()) {
549 
    // load seg regs as 8086 registers
550 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS], raw_ss_selector);
551 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS], raw_ds_selector);
552 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES], raw_es_selector);
553 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS], raw_fs_selector);
554 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS], raw_gs_selector);
555 
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS], raw_cs_selector);
556 
    // CPL is set from CS selector
557 
  }
558 
  else {
559 
 
560 
    // SS
561 
    if ((raw_ss_selector & 0xfffc) != 0)
562 
    {
563 
      bx_bool good = fetch_raw_descriptor2(&ss_selector, &dword1, &dword2);
564 
      if (!good) {
565 
        BX_ERROR(("task_switch(exception after commit point): bad SS fetch"));
566 
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
567 
      }
568 
 
569 
      parse_descriptor(dword1, dword2, &ss_descriptor);
570 
 
571 
      // SS selector must be within its descriptor table limits else #TS(SS)
572 
      // SS descriptor AR byte must must indicate writable data segment,
573 
      // else #TS(SS)
574 
      if (ss_descriptor.valid==0 || ss_descriptor.segment==0 ||
575 
           IS_CODE_SEGMENT(ss_descriptor.type) ||
576 
          !IS_DATA_SEGMENT_WRITEABLE(ss_descriptor.type))
577 
      {
578 
        BX_ERROR(("task_switch(exception after commit point): SS not valid or writeable segment"));
579 
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
580 
      }
581 
 
582 
      //
583 
      // Stack segment is present in memory, else #SS(new stack segment)
584 
      //
585 
      if (! IS_PRESENT(ss_descriptor)) {
586 
        BX_ERROR(("task_switch(exception after commit point): SS not present"));
587 
        exception(BX_SS_EXCEPTION, raw_ss_selector & 0xfffc);
588 
      }
589 
 
590 
      // Stack segment DPL matches CS.RPL, else #TS(new stack segment)
591 
      if (ss_descriptor.dpl != cs_selector.rpl) {
592 
        BX_ERROR(("task_switch(exception after commit point): SS.rpl != CS.RPL"));
593 
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
594 
      }
595 
 
596 
      // Stack segment DPL matches selector RPL, else #TS(new stack segment)
597 
      if (ss_descriptor.dpl != ss_selector.rpl) {
598 
        BX_ERROR(("task_switch(exception after commit point): SS.dpl != SS.rpl"));
599 
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
600 
      }
601 
 
602 
      touch_segment(&ss_selector, &ss_descriptor);
603 
 
604 
      // All checks pass, fill in shadow cache
605 
      BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache = ss_descriptor;
606 
 
607 
      invalidate_stack_cache();
608 
    }
609 
    else {
610 
      // SS selector is valid, else #TS(new stack segment)
611 
      BX_ERROR(("task_switch(exception after commit point): SS NULL"));
612 
      exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
613 
    }
614 
 
615 
    CPL = save_CPL;
616 
 
617 
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS],
618 
        &ds_selector, raw_ds_selector, cs_selector.rpl);
619 
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES],
620 
        &es_selector, raw_es_selector, cs_selector.rpl);
621 
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS],
622 
        &fs_selector, raw_fs_selector, cs_selector.rpl);
623 
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS],
624 
        &gs_selector, raw_gs_selector, cs_selector.rpl);
625 
 
626 
    // if new selector is not null then perform following checks:
627 
    //    index must be within its descriptor table limits else #TS(selector)
628 
    //    AR byte must indicate data or readable code else #TS(selector)
629 
    //    if data or non-conforming code then:
630 
    //      DPL must be >= CPL else #TS(selector)
631 
    //      DPL must be >= RPL else #TS(selector)
632 
    //    AR byte must indicate PRESENT else #NP(selector)
633 
    //    load cache with new segment descriptor and set valid bit
634 
 
635 
    // CS
636 
    if ((raw_cs_selector & 0xfffc) != 0) {
637 
      bx_bool good = fetch_raw_descriptor2(&cs_selector, &dword1, &dword2);
638 
      if (!good) {
639 
        BX_ERROR(("task_switch(exception after commit point): bad CS fetch"));
640 
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
641 
      }
642 
 
643 
      parse_descriptor(dword1, dword2, &cs_descriptor);
644 
 
645 
      // CS descriptor AR byte must indicate code segment else #TS(CS)
646 
      if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
647 
          IS_DATA_SEGMENT(cs_descriptor.type))
648 
      {
649 
        BX_ERROR(("task_switch(exception after commit point): CS not valid executable seg"));
650 
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
651 
      }
652 
 
653 
      // if non-conforming then DPL must equal selector RPL else #TS(CS)
654 
      if (IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) &&
655 
          cs_descriptor.dpl != cs_selector.rpl)
656 
      {
657 
        BX_ERROR(("task_switch(exception after commit point): non-conforming: CS.dpl!=CS.RPL"));
658 
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
659 
      }
660 
 
661 
      // if conforming then DPL must be <= selector RPL else #TS(CS)
662 
      if (IS_CODE_SEGMENT_CONFORMING(cs_descriptor.type) &&
663 
          cs_descriptor.dpl > cs_selector.rpl)
664 
      {
665 
        BX_ERROR(("task_switch(exception after commit point): conforming: CS.dpl>RPL"));
666 
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
667 
      }
668 
 
669 
      // Code segment is present in memory, else #NP(new code segment)
670 
      if (! IS_PRESENT(cs_descriptor)) {
671 
        BX_ERROR(("task_switch(exception after commit point): CS.p==0"));
672 
        exception(BX_NP_EXCEPTION, raw_cs_selector & 0xfffc);
673 
      }
674 
 
675 
      touch_segment(&cs_selector, &cs_descriptor);
676 
 
677 
#ifdef BX_SUPPORT_CS_LIMIT_DEMOTION
678 
      // Handle special case of CS.LIMIT demotion (new descriptor limit is smaller than current one)
679 
      if (BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled > cs_descriptor.u.segment.limit_scaled)
680 
        BX_CPU_THIS_PTR iCache.flushICacheEntries();
681 
#endif
682 
 
683 
      // All checks pass, fill in shadow cache
684 
      BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache = cs_descriptor;
685 
    }
686 
    else {
687 
      // If new cs selector is null #TS(CS)
688 
      BX_ERROR(("task_switch(exception after commit point): CS NULL"));
689 
      exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
690 
    }
691 
 
692 
    updateFetchModeMask(/* CS reloaded */);
693 
 
694 
#if BX_CPU_LEVEL >= 4
695 
    handleAlignmentCheck(); // task switch, CPL was modified
696 
#endif
697 
  }
698 
 
699 
  if (tss_descriptor->type >= 9 && (trap_word & 0x1)) {
700 
    BX_CPU_THIS_PTR debug_trap |= BX_DEBUG_TRAP_TASK_SWITCH_BIT; // BT flag
701 
    BX_CPU_THIS_PTR async_event = 1; // so processor knows to check
702 
    BX_INFO(("task_switch: T bit set in new TSS"));
703 
  }
704 
 
705 
#if BX_CPU_LEVEL >= 6
706 
  handleSseModeChange(); /* CR0.TS changes */
707 
#if BX_SUPPORT_AVX
708 
  handleAvxModeChange();
709 
#endif
710 
#endif
711 
 
712 
  //
713 
  // Step 12: Begin execution of new task.
714 
  //
715 
  BX_DEBUG(("TASKING: LEAVE"));
716 
 
717 
  RSP_SPECULATIVE;
718 
 
719 
  // push error code onto stack
720 
  if (push_error) {
721 
    if (tss_descriptor->type >= 9) // TSS386
722 
      push_32(error_code);
723 
    else
724 
      push_16(error_code);
725 
  }
726 
 
727 
  // instruction pointer must be in CS limit, else #GP(0)
728 
  if (EIP > BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled) {
729 
    BX_ERROR(("task_switch: EIP > CS.limit"));
730 
    exception(BX_GP_EXCEPTION, 0);
731 
  }
732 
 
733 
  RSP_COMMIT;
734 
}
735 
 
736 
void BX_CPU_C::task_switch_load_selector(bx_segment_reg_t *seg,
737 
                 bx_selector_t *selector, Bit16u raw_selector, Bit8u cs_rpl)
738 
{
739 
  bx_descriptor_t descriptor;
740 
  Bit32u dword1, dword2;
741 
 
742 
  // NULL selector is OK, will leave cache invalid
743 
  if ((raw_selector & 0xfffc) != 0)
744 
  {
745 
    bx_bool good = fetch_raw_descriptor2(selector, &dword1, &dword2);
746 
    if (!good) {
747 
      BX_ERROR(("task_switch(%s): bad selector fetch !", strseg(seg)));
748 
      exception(BX_TS_EXCEPTION, raw_selector & 0xfffc);
749 
    }
750 
 
751 
    parse_descriptor(dword1, dword2, &descriptor);
752 
 
753 
    /* AR byte must indicate data or readable code segment else #TS(selector) */
754 
    if (descriptor.segment==0 || (IS_CODE_SEGMENT(descriptor.type) &&
755 
        IS_CODE_SEGMENT_READABLE(descriptor.type) == 0))
756 
    {
757 
      BX_ERROR(("task_switch(%s): not data or readable code !", strseg(seg)));
758 
      exception(BX_TS_EXCEPTION, raw_selector & 0xfffc);
759 
    }
760 
 
761 
    /* If data or non-conforming code, then both the RPL and the CPL
762 
     * must be less than or equal to DPL in AR byte else #GP(selector) */
763 
    if (IS_DATA_SEGMENT(descriptor.type) ||
764 
        IS_CODE_SEGMENT_NON_CONFORMING(descriptor.type))
765 
    {
766 
      if ((selector->rpl > descriptor.dpl) || (cs_rpl > descriptor.dpl)) {
767 
        BX_ERROR(("load_seg_reg(%s): RPL & CPL must be <= DPL", strseg(seg)));
768 
        exception(BX_TS_EXCEPTION, raw_selector & 0xfffc);
769 
      }
770 
    }
771 
 
772 
    if (! IS_PRESENT(descriptor)) {
773 
      BX_ERROR(("task_switch(%s): descriptor not present !", strseg(seg)));
774 
      exception(BX_NP_EXCEPTION, raw_selector & 0xfffc);
775 
    }
776 
 
777 
    touch_segment(selector, &descriptor);
778 
 
779 
    // All checks pass, fill in shadow cache
780 
    seg->cache = descriptor;
781 
  }
782 
}
783 
 
784 
void BX_CPU_C::get_SS_ESP_from_TSS(unsigned pl, Bit16u *ss, Bit32u *esp)
785 
{
786 
  if (BX_CPU_THIS_PTR tr.cache.valid==0)
787 
    BX_PANIC(("get_SS_ESP_from_TSS: TR.cache invalid"));
788 
 
789 
  if (BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_AVAIL_386_TSS ||
790 
      BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_BUSY_386_TSS)
791 
  {
792 
    // 32-bit TSS
793 
    Bit32u TSSstackaddr = 8*pl + 4;
794 
    if ((TSSstackaddr+7) > BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled) {
795 
      BX_DEBUG(("get_SS_ESP_from_TSS(386): TSSstackaddr > TSS.LIMIT"));
796 
      exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
797 
    }
798 
    *ss  = system_read_word (BX_CPU_THIS_PTR tr.cache.u.segment.base + TSSstackaddr + 4);
799 
    *esp = system_read_dword(BX_CPU_THIS_PTR tr.cache.u.segment.base + TSSstackaddr);
800 
  }
801 
  else if (BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_AVAIL_286_TSS ||
802 
           BX_CPU_THIS_PTR tr.cache.type==BX_SYS_SEGMENT_BUSY_286_TSS)
803 
  {
804 
    // 16-bit TSS
805 
    Bit32u TSSstackaddr = 4*pl + 2;
806 
    if ((TSSstackaddr+3) > BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled) {
807 
      BX_DEBUG(("get_SS_ESP_from_TSS(286): TSSstackaddr > TSS.LIMIT"));
808 
      exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
809 
    }
810 
    *ss  =          system_read_word(BX_CPU_THIS_PTR tr.cache.u.segment.base + TSSstackaddr + 2);
811 
    *esp = (Bit32u) system_read_word(BX_CPU_THIS_PTR tr.cache.u.segment.base + TSSstackaddr);
812 
  }
813 
  else {
814 
    BX_PANIC(("get_SS_ESP_from_TSS: TR is bogus type (%u)", (unsigned) BX_CPU_THIS_PTR tr.cache.type));
815 
  }
816 
}
817 
 
818 
#if BX_SUPPORT_X86_64
819 
Bit64u BX_CPU_C::get_RSP_from_TSS(unsigned pl)
820 
{
821 
  if (BX_CPU_THIS_PTR tr.cache.valid==0)
822 
    BX_PANIC(("get_RSP_from_TSS: TR.cache invalid"));
823 
 
824 
  // 32-bit TSS
825 
  Bit32u TSSstackaddr = 8*pl + 4;
826 
  if ((TSSstackaddr+7) > BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled) {
827 
    BX_DEBUG(("get_RSP_from_TSS(): TSSstackaddr > TSS.LIMIT"));
828 
    exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
829 
  }
830 
 
831 
  Bit64u rsp = system_read_qword(BX_CPU_THIS_PTR tr.cache.u.segment.base + TSSstackaddr);
832 
 
833 
  if (! IsCanonical(rsp)) {
834 
    BX_ERROR(("get_RSP_from_TSS: canonical address failure 0x%08x%08x", GET32H(rsp), GET32L(rsp)));
835 
    exception(BX_SS_EXCEPTION, BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value & 0xfffc);
836 
  }
837 
 
838 
  return rsp;
839 
}
840 
#endif  // #if BX_SUPPORT_X86_64

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.