/////////////////////////////////////////////////////////////////////////
2
// $Id: tasking.cc 11654 2013-03-15 08:26:22Z sshwarts $
3
/////////////////////////////////////////////////////////////////////////
4
//
5
//  Copyright (C) 2001-2012  The Bochs Project
6
//
7
//  This library is free software; you can redistribute it and/or
8
//  modify it under the terms of the GNU Lesser General Public
9
//  License as published by the Free Software Foundation; either
10
//  version 2 of the License, or (at your option) any later version.
11
//
12
//  This library is distributed in the hope that it will be useful,
13
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
14
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15
//  Lesser General Public License for more details.
16
//
17
//  You should have received a copy of the GNU Lesser General Public
18
//  License along with this library; if not, write to the Free Software
19
//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20
/////////////////////////////////////////////////////////////////////////
21
 
22
#define NEED_CPU_REG_SHORTCUTS 1
23
#include "bochs.h"
24
#include "cpu.h"
25
#define LOG_THIS BX_CPU_THIS_PTR
26
 
27
// Notes:
28
// ======
29
 
30
  // ======================
31
  // 286 Task State Segment
32
  // ======================
33
  // dynamic item                      | hex  dec  offset
34
  // 0       task LDT selector         | 2a   42
35
  // 1       DS selector               | 28   40
36
  // 1       SS selector               | 26   38
37
  // 1       CS selector               | 24   36
38
  // 1       ES selector               | 22   34
39
  // 1       DI                        | 20   32
40
  // 1       SI                        | 1e   30
41
  // 1       BP                        | 1c   28
42
  // 1       SP                        | 1a   26
43
  // 1       BX                        | 18   24
44
  // 1       DX                        | 16   22
45
  // 1       CX                        | 14   20
46
  // 1       AX                        | 12   18
47
  // 1       flag word                 | 10   16
48
  // 1       IP (entry point)          | 0e   14
49
  // 0       SS for CPL 2              | 0c   12
50
  // 0       SP for CPL 2              | 0a   10
51
  // 0       SS for CPL 1              | 08   08
52
  // 0       SP for CPL 1              | 06   06
53
  // 0       SS for CPL 0              | 04   04
54
  // 0       SP for CPL 0              | 02   02
55
  //         back link selector to TSS | 00   00
56
 
57
 
58
  // ======================
59
  // 386 Task State Segment
60
  // ======================
61
  // |31            16|15                    0| hex dec
62
  // |I/O Map Base    |000000000000000000000|T| 64  100 static
63
  // |0000000000000000| LDT                   | 60  96  static
64
  // |0000000000000000| GS selector           | 5c  92  dynamic
65
  // |0000000000000000| FS selector           | 58  88  dynamic
66
  // |0000000000000000| DS selector           | 54  84  dynamic
67
  // |0000000000000000| SS selector           | 50  80  dynamic
68
  // |0000000000000000| CS selector           | 4c  76  dynamic
69
  // |0000000000000000| ES selector           | 48  72  dynamic
70
  // |                EDI                     | 44  68  dynamic
71
  // |                ESI                     | 40  64  dynamic
72
  // |                EBP                     | 3c  60  dynamic
73
  // |                ESP                     | 38  56  dynamic
74
  // |                EBX                     | 34  52  dynamic
75
  // |                EDX                     | 30  48  dynamic
76
  // |                ECX                     | 2c  44  dynamic
77
  // |                EAX                     | 28  40  dynamic
78
  // |                EFLAGS                  | 24  36  dynamic
79
  // |                EIP (entry point)       | 20  32  dynamic
80
  // |           CR3 (PDPR)                   | 1c  28  static
81
  // |000000000000000 | SS for CPL 2          | 18  24  static
82
  // |           ESP for CPL 2                | 14  20  static
83
  // |000000000000000 | SS for CPL 1          | 10  16  static
84
  // |           ESP for CPL 1                | 0c  12  static
85
  // |000000000000000 | SS for CPL 0          | 08  08  static
86
  // |           ESP for CPL 0                | 04  04  static
87
  // |000000000000000 | back link to prev TSS | 00  00  dynamic (updated only when return expected)
88
 
89
 
90
  // ==================================================
91
  // Effect of task switch on Busy, NT, and Link Fields
92
  // ==================================================
93
 
94
  // Field         jump        call/interrupt     iret
95
  // ------------------------------------------------------
96
  // new busy bit  Set         Set                No change
97
  // old busy bit  Cleared     No change          Cleared
98
  // new NT flag   No change   Set                No change
99
  // old NT flag   No change   No change          Cleared
100
  // new link      No change   old TSS selector   No change
101
  // old link      No change   No change          No change
102
  // CR0.TS        Set         Set                Set
103
 
104
  // Note: I checked 386, 486, and Pentium, and they all exhibited
105
  //       exactly the same behaviour as above.  There seems to
106
  //       be some misprints in the Intel docs.
107
 
108
/////////////////////////////////////////////////////////////////////////
// task_switch: emulate a hardware task switch through a 286 or 386 TSS.
//
// Parameters:
//   i              - the instruction that triggered the switch; not
//                    referenced directly in this body
//   tss_selector   - selector of the new TSS; copied into TR at the commit
//                    point and used as the error code of the early #TS
//   tss_descriptor - descriptor of the new TSS; type <= 3 selects the
//                    16-bit (286) layout, otherwise the 32-bit (386) one;
//                    its base/limit locate the TSS image in linear memory
//   source         - BX_TASK_FROM_JUMP / _CALL / _INT / _IRET; governs the
//                    busy bit, NT flag and back-link handling (see table)
//   dword1, dword2 - never read as inputs in this function; they are reused
//                    as scratch for the busy-bit update and as the output
//                    buffers of fetch_raw_descriptor2()
//   push_error     - when non-zero, error_code is pushed on the new task's
//                    stack (32-bit push for a 386 TSS, 16-bit otherwise)
//   error_code     - the value pushed when push_error is set
//
// Returns nothing.  Failures are reported through exception(), which does
// not return here.  Before the commit point a #TS leaves the register state
// of the old task untouched, although memory may already have been updated
// (old TSS image, busy bits in the GDT, the new TSS back-link).  After the
// commit point TR and the general registers already belong to the new task,
// so any #TS/#SS/#NP/#GP raised there is delivered in the new task's context.
/////////////////////////////////////////////////////////////////////////
void BX_CPU_C::task_switch(bxInstruction_c *i, bx_selector_t *tss_selector,
                 bx_descriptor_t *tss_descriptor, unsigned source,
                 Bit32u dword1, Bit32u dword2, bx_bool push_error, Bit32u error_code)
{
  Bit32u obase32; // base address of old TSS
  Bit32u nbase32; // base address of new TSS
  Bit32u temp32, newCR3;
  Bit16u raw_cs_selector, raw_ss_selector, raw_ds_selector, raw_es_selector,
         raw_fs_selector, raw_gs_selector, raw_ldt_selector;
  Bit16u trap_word;
  bx_selector_t cs_selector, ss_selector, ds_selector, es_selector,
                fs_selector, gs_selector, ldt_selector;
  bx_descriptor_t cs_descriptor, ss_descriptor, ldt_descriptor;
  Bit32u old_TSS_max, new_TSS_max, old_TSS_limit, new_TSS_limit;
  Bit32u newEAX, newECX, newEDX, newEBX;
  Bit32u newESP, newEBP, newESI, newEDI;
  Bit32u newEFLAGS, newEIP;

  BX_DEBUG(("TASKING: ENTER"));

  invalidate_prefetch_q();

  // Discard any traps and inhibits for new context; traps will
  // resume upon return.
  // NOTE(review): this runs before any of the checks below, so a switch
  // that aborts with #TS has already dropped the single-step trap and the
  // inhibit mask.
  BX_CPU_THIS_PTR debug_trap &= ~BX_DEBUG_SINGLE_STEP_BIT;
  BX_CPU_THIS_PTR inhibit_mask = 0;

  // STEP 1: The following checks are made before calling task_switch(),
  //         for JMP & CALL only. These checks are NOT made for exceptions,
  //         interrupts & IRET.
  //
  //   1) TSS DPL must be >= CPL
  //   2) TSS DPL must be >= TSS selector RPL
  //   3) TSS descriptor is not busy.

  // STEP 2: The processor performs limit-checking on the target TSS
  //         to verify that the TSS limit is greater than or equal
  //         to 67h (2Bh for 16-bit TSS).

  // Gather info about new TSS
  // new_TSS_max is the highest byte offset read from the new TSS at
  // step 6; a TSS whose limit is below it is rejected here, so the loads
  // below never read past the segment.
  if (tss_descriptor->type <= 3) { // {1,3}
    new_TSS_max = 0x2B;
  }
  else { // tss_descriptor->type = {9,11}
    new_TSS_max = 0x67;
  }

  nbase32 = (Bit32u) tss_descriptor->u.segment.base;
  new_TSS_limit = tss_descriptor->u.segment.limit_scaled;

  if (new_TSS_limit < new_TSS_max) {
    BX_ERROR(("task_switch(): new TSS limit < %d", new_TSS_max));
    exception(BX_TS_EXCEPTION, tss_selector->value & 0xfffc);
  }

#if BX_SUPPORT_SVM
  if (BX_CPU_THIS_PTR in_svm_guest) {
    if (SVM_INTERCEPT(SVM_INTERCEPT0_TASK_SWITCH))
      SvmInterceptTaskSwitch(tss_selector->value, source, push_error, error_code);
  }
#endif

#if BX_SUPPORT_VMX
  if (BX_CPU_THIS_PTR in_vmx_guest)
    VMexit_TaskSwitch(tss_selector->value, source);
#endif

  // Gather info about old TSS
  // old_TSS_max covers the dynamic fields written back at step 5; an old
  // TSS that cannot hold them is rejected before anything is written.
  if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
    old_TSS_max = 0x29;
  }
  else {
    old_TSS_max = 0x5F;
  }

  obase32 = (Bit32u) BX_CPU_THIS_PTR tr.cache.u.segment.base;        // old TSS.base
  old_TSS_limit = BX_CPU_THIS_PTR tr.cache.u.segment.limit_scaled;

  if (old_TSS_limit < old_TSS_max) {
    BX_ERROR(("task_switch(): old TSS limit < %d", old_TSS_max));
    exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
  }

  if (obase32 == nbase32) {
    BX_INFO(("TASK SWITCH: switching to the same TSS !"));
  }

  // Check that old TSS, new TSS, and all segment descriptors
  // used in the task switch are paged in.
  if (BX_CPU_THIS_PTR cr0.get_PG())
  {
    translate_linear(BX_TLB_ENTRY_OF(nbase32), nbase32, 0, BX_READ);  // old TSS
    translate_linear(BX_TLB_ENTRY_OF(nbase32 + new_TSS_max), nbase32 + new_TSS_max, 0, BX_READ);

    // ??? Humm, we check the new TSS region with READ above,
    // but sometimes we need to write the link field in that
    // region.  We also sometimes update other fields, perhaps
    // we need to WRITE check them here also, so that we keep
    // the written state consistent (ie, we don't encounter a
    // page fault in the middle).
    //
    // NOTE(review): the busy-bit updates at steps 3 and 7 write the GDT
    // (gdtr.base + index*8 + 4) and are not covered by this pre-check
    // either; whether access_read_linear(BX_RW) performs its own
    // translation before the write is not visible here - confirm.

    if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT)
    {
      translate_linear(BX_TLB_ENTRY_OF(nbase32),     nbase32,     0, BX_WRITE);
      translate_linear(BX_TLB_ENTRY_OF(nbase32 + 1), nbase32 + 1, 0, BX_WRITE);
    }
  }

  // Privilege and busy checks done in CALL, JUMP, INT, IRET

  // Step 3: If JMP or IRET, clear busy bit in old task TSS descriptor,
  //         otherwise leave set.

  // effect on Busy bit of old task
  if (source == BX_TASK_FROM_JUMP || source == BX_TASK_FROM_IRET) {
    // Bit is cleared
    // The old TSS descriptor is located in the GDT from the current TR
    // index; 0x200 in the descriptor's high dword is the same busy bit
    // that `tr.cache.type |= 2` sets in the cached copy further below.
    Bit32u laddr = (Bit32u) BX_CPU_THIS_PTR gdtr.base + (BX_CPU_THIS_PTR tr.selector.index<<3) + 4;
    access_read_linear(laddr, 4, 0, BX_RW, &temp32);
    temp32 &= ~0x200;
    access_write_linear(laddr, 4, 0, &temp32);
  }

  // STEP 4: If the task switch was initiated with an IRET instruction,
  //         clears the NT flag in a temporarily saved EFLAGS image;
  //         if initiated with a CALL or JMP instruction, an exception, or
  //         an interrupt, the NT flag is left unchanged.

  Bit32u oldEFLAGS = read_eflags();

  /* if moving to busy task, clear NT bit */
  if (tss_descriptor->type == BX_SYS_SEGMENT_BUSY_286_TSS ||
      tss_descriptor->type == BX_SYS_SEGMENT_BUSY_386_TSS)
  {
    oldEFLAGS &= ~EFlagsNTMask;
  }

  // STEP 5: Save the current task state in the TSS. Up to this point,
  //         any exception that occurs aborts the task switch without
  //         changing the processor state.

  /* save current machine state in old task's TSS */

  if (BX_CPU_THIS_PTR tr.cache.type <= 3) {
    // check that we won't page fault while writing
    // Both ends of the 16-bit dynamic area (offsets 14..41) are
    // translated for WRITE first so the writes below cannot fault halfway.
    if (BX_CPU_THIS_PTR cr0.get_PG()) {
      Bit32u start = Bit32u(obase32 + 14), end = Bit32u(obase32 + 41);

      translate_linear(BX_TLB_ENTRY_OF(start), start, 0, BX_WRITE);
      translate_linear(BX_TLB_ENTRY_OF(end),   end,   0, BX_WRITE);
    }

    // 16-bit TSS: only the low halves of the registers are saved.
    system_write_word(Bit32u(obase32 + 14), IP);
    system_write_word(Bit32u(obase32 + 16), oldEFLAGS);
    system_write_word(Bit32u(obase32 + 18), AX);
    system_write_word(Bit32u(obase32 + 20), CX);
    system_write_word(Bit32u(obase32 + 22), DX);
    system_write_word(Bit32u(obase32 + 24), BX);
    system_write_word(Bit32u(obase32 + 26), SP);
    system_write_word(Bit32u(obase32 + 28), BP);
    system_write_word(Bit32u(obase32 + 30), SI);
    system_write_word(Bit32u(obase32 + 32), DI);

    system_write_word(Bit32u(obase32 + 34),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
    system_write_word(Bit32u(obase32 + 36),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
    system_write_word(Bit32u(obase32 + 38),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value);
    system_write_word(Bit32u(obase32 + 40),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
  }
  else {
    // check that we won't page fault while writing
    // Same idea for the 32-bit dynamic area (offsets 0x20..0x5d).
    if (BX_CPU_THIS_PTR cr0.get_PG()) {
      Bit32u start = Bit32u(obase32 + 0x20), end = Bit32u(obase32 + 0x5d);

      translate_linear(BX_TLB_ENTRY_OF(start), start, 0, BX_WRITE);
      translate_linear(BX_TLB_ENTRY_OF(end),   end,   0, BX_WRITE);
    }

    system_write_dword(Bit32u(obase32 + 0x20), EIP);
    system_write_dword(Bit32u(obase32 + 0x24), oldEFLAGS);
    system_write_dword(Bit32u(obase32 + 0x28), EAX);
    system_write_dword(Bit32u(obase32 + 0x2c), ECX);
    system_write_dword(Bit32u(obase32 + 0x30), EDX);
    system_write_dword(Bit32u(obase32 + 0x34), EBX);
    system_write_dword(Bit32u(obase32 + 0x38), ESP);
    system_write_dword(Bit32u(obase32 + 0x3c), EBP);
    system_write_dword(Bit32u(obase32 + 0x40), ESI);
    system_write_dword(Bit32u(obase32 + 0x44), EDI);

    system_write_word(Bit32u(obase32 + 0x48),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value);
    system_write_word(Bit32u(obase32 + 0x4c),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector.value);
    system_write_word(Bit32u(obase32 + 0x50),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value);
    system_write_word(Bit32u(obase32 + 0x54),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
    system_write_word(Bit32u(obase32 + 0x58),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
    system_write_word(Bit32u(obase32 + 0x5c),
           BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
  }

  // effect on link field of new task
  if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT)
  {
    // set to selector of old task's TSS
    // (offset 0 of the new TSS; this is the write the BX_WRITE
    // pre-translation above was for)
    system_write_word(nbase32, BX_CPU_THIS_PTR tr.selector.value);
  }

  // STEP 6: The new-task state is loaded from the TSS
  // Everything is read into locals first; nothing is committed to the CPU
  // until step 8 below.

  if (tss_descriptor->type <= 3) {
    newEIP    = system_read_word(Bit32u(nbase32 + 14));
    newEFLAGS = system_read_word(Bit32u(nbase32 + 16));

    // incoming TSS is 16bit:
    //   - upper word of general registers is set to 0xFFFF
    //   - upper word of eflags is zero'd
    //   - FS, GS are zero'd
    //   - upper word of eIP is zero'd
    Bit16u temp16 = system_read_word(Bit32u(nbase32 + 18));
      newEAX = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 20));
      newECX = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 22));
      newEDX = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 24));
      newEBX = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 26));
      newESP = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 28));
      newEBP = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 30));
      newESI = 0xffff0000 | temp16;
    temp16 = system_read_word(Bit32u(nbase32 + 32));
      newEDI = 0xffff0000 | temp16;

    raw_es_selector  = system_read_word(Bit32u(nbase32 + 34));
    raw_cs_selector  = system_read_word(Bit32u(nbase32 + 36));
    raw_ss_selector  = system_read_word(Bit32u(nbase32 + 38));
    raw_ds_selector  = system_read_word(Bit32u(nbase32 + 40));
    raw_ldt_selector = system_read_word(Bit32u(nbase32 + 42));

    raw_fs_selector = 0; // use a NULL selector
    raw_gs_selector = 0; // use a NULL selector
    // No CR3 change for 286 task switch
    newCR3 = 0;   // keep compiler happy (not used)
    trap_word = 0; // keep compiler happy (not used)
  }
  else {
    // CR3 is only taken from the TSS when paging is on; the CR3 switch
    // itself happens after the commit point.
    if (BX_CPU_THIS_PTR cr0.get_PG())
      newCR3 = system_read_dword(Bit32u(nbase32 + 0x1c));
    else
      newCR3 = 0;   // keep compiler happy (not used)

    newEIP    = system_read_dword(Bit32u(nbase32 + 0x20));
    newEFLAGS = system_read_dword(Bit32u(nbase32 + 0x24));
    newEAX    = system_read_dword(Bit32u(nbase32 + 0x28));
    newECX    = system_read_dword(Bit32u(nbase32 + 0x2c));
    newEDX    = system_read_dword(Bit32u(nbase32 + 0x30));
    newEBX    = system_read_dword(Bit32u(nbase32 + 0x34));
    newESP    = system_read_dword(Bit32u(nbase32 + 0x38));
    newEBP    = system_read_dword(Bit32u(nbase32 + 0x3c));
    newESI    = system_read_dword(Bit32u(nbase32 + 0x40));
    newEDI    = system_read_dword(Bit32u(nbase32 + 0x44));

    raw_es_selector  = system_read_word(Bit32u(nbase32 + 0x48));
    raw_cs_selector  = system_read_word(Bit32u(nbase32 + 0x4c));
    raw_ss_selector  = system_read_word(Bit32u(nbase32 + 0x50));
    raw_ds_selector  = system_read_word(Bit32u(nbase32 + 0x54));
    raw_fs_selector  = system_read_word(Bit32u(nbase32 + 0x58));
    raw_gs_selector  = system_read_word(Bit32u(nbase32 + 0x5c));
    raw_ldt_selector = system_read_word(Bit32u(nbase32 + 0x60));
    trap_word        = system_read_word(Bit32u(nbase32 + 0x64)); // bit 0 = T (debug trap on switch)
  }

  // Step 7: If CALL, interrupt, or JMP, set busy flag in new task's
  //         TSS descriptor.  If IRET, leave set.

  if (source != BX_TASK_FROM_IRET)
  {
    // set the new task's busy bit
    // dword2 is reused as a scratch buffer here; its incoming value is
    // not needed anywhere in this function.
    Bit32u laddr = (Bit32u)(BX_CPU_THIS_PTR gdtr.base) + (tss_selector->index<<3) + 4;
    access_read_linear(laddr, 4, 0, BX_RW, &dword2);
    dword2 |= 0x200;
    access_write_linear(laddr, 4, 0, &dword2);
  }

  //
  // Commit point.  At this point, we commit to the new
  // context.  If an unrecoverable error occurs in further
  // processing, we complete the task switch without performing
  // additional access and segment availability checks and
  // generate the appropriate exception prior to beginning
  // execution of the new task.
  //
  // Every exception() call from here on therefore fires with TR, the
  // general registers and the segment *selectors* already belonging to
  // the new task, and with the descriptor caches marked invalid until
  // each one has been validated.
  //

  // Step 8: Load the task register with the segment selector and
  //         descriptor for the new task TSS.

  BX_CPU_THIS_PTR tr.selector = *tss_selector;
  BX_CPU_THIS_PTR tr.cache    = *tss_descriptor;
  BX_CPU_THIS_PTR tr.cache.type |= 2; // mark TSS in TR as busy

  // Step 9: Set TS flag in the CR0 image stored in the new task TSS.
  BX_CPU_THIS_PTR cr0.set_TS(1);

  // Task switch clears LE/L3/L2/L1/L0 in DR7
  BX_CPU_THIS_PTR dr7.val32 &= ~0x00000155;

  // Step 10: If call or interrupt, set the NT flag in the eflags
  //          image stored in new task's TSS.  If IRET or JMP,
  //          NT is restored from new TSS eflags image. (no change)

  // effect on NT flag of new task
  if (source == BX_TASK_FROM_CALL || source == BX_TASK_FROM_INT) {
    newEFLAGS |= EFlagsNTMask; // NT flag is set
  }

  // Step 11: Load the new task (dynamic) state from new TSS.
  //          Any errors associated with loading and qualification of
  //          segment descriptors in this step occur in the new task's
  //          context.  State loaded here includes LDTR, CR3,
  //          EFLAGS, EIP, general purpose registers, and segment
  //          descriptor parts of the segment registers.

  BX_CPU_THIS_PTR prev_rip = EIP = newEIP;

  EAX = newEAX;
  ECX = newECX;
  EDX = newEDX;
  EBX = newEBX;
  ESP = newESP;
  EBP = newEBP;
  ESI = newESI;
  EDI = newEDI;

  BX_CPU_THIS_PTR speculative_rsp = 0;

  // Only the bits in EFlagsValidMask are taken from the TSS image.
  writeEFlags(newEFLAGS, EFlagsValidMask);

  // Fill in selectors for all segment registers.  If errors
  // occur later, the selectors will at least be loaded.
  parse_selector(raw_cs_selector, &cs_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].selector = cs_selector;
  parse_selector(raw_ss_selector, &ss_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector = ss_selector;
  parse_selector(raw_ds_selector, &ds_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector = ds_selector;
  parse_selector(raw_es_selector, &es_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector = es_selector;
  parse_selector(raw_fs_selector, &fs_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector = fs_selector;
  parse_selector(raw_gs_selector, &gs_selector);
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector = gs_selector;
  parse_selector(raw_ldt_selector, &ldt_selector);
  BX_CPU_THIS_PTR ldtr.selector = ldt_selector;

  // Start out with invalid descriptor caches, fill in with
  // values only as they are validated
  BX_CPU_THIS_PTR ldtr.cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].cache.valid = 0;
  BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].cache.valid = 0;

  // CR3 is switched only for a 386 TSS with paging enabled.  A rejected
  // CR3 value (SetCR3() returning false) or a failed PDPTR load raises
  // #TS(0) in the new task's context.
  if ((tss_descriptor->type >= 9) && BX_CPU_THIS_PTR cr0.get_PG()) {
    // change CR3 only if it actually modified
    if (newCR3 != BX_CPU_THIS_PTR cr3) {
      BX_DEBUG(("task_switch changing CR3 to 0x%08x", newCR3));

      if (! SetCR3(newCR3)) // Tell paging unit about new cr3 value
        exception(BX_TS_EXCEPTION, 0);

#if BX_CPU_LEVEL >= 6
      if (BX_CPU_THIS_PTR cr0.get_PG() && BX_CPU_THIS_PTR cr4.get_PAE()) {
        if (! CheckPDPTR(newCR3)) {
          BX_ERROR(("task_switch(exception after commit point): PDPTR check failed !"));

          // clear PDPTRs before raising task switch exception
          // (so no stale entries from the old task survive the fault)
          for (unsigned n=0; n<4; n++)
            BX_CPU_THIS_PTR PDPTR_CACHE.entry[n] = 0;

          exception(BX_TS_EXCEPTION, 0);
        }
      }
#endif

      BX_INSTR_TLB_CNTRL(BX_CPU_ID, BX_INSTR_TASK_SWITCH, newCR3);
    }
  }

  unsigned save_CPL = CPL;
  /* set CPL to 3 to force a privilege level change and stack switch if SS
     is not properly loaded */
  // save_CPL is restored only on the protected-mode path below, after SS
  // has been validated; the v8086 path derives CPL from the CS load.
  CPL = 3;

  // LDTR
  if (ldt_selector.ti) {
    // LDT selector must be in GDT
    BX_INFO(("task_switch(exception after commit point): bad LDT selector TI=1"));
    exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
  }

  if ((raw_ldt_selector & 0xfffc) != 0) {
    bx_bool good = fetch_raw_descriptor2(&ldt_selector, &dword1, &dword2);
    if (!good) {
      BX_ERROR(("task_switch(exception after commit point): bad LDT fetch"));
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
    }

    parse_descriptor(dword1, dword2, &ldt_descriptor);

    // LDT selector of new task is valid, else #TS(new task's LDT)
    if (ldt_descriptor.valid==0 ||
        ldt_descriptor.type!=BX_SYS_SEGMENT_LDT ||
        ldt_descriptor.segment)
    {
      BX_ERROR(("task_switch(exception after commit point): bad LDT segment"));
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
    }

    // LDT of new task is present in memory, else #TS(new task's LDT)
    if (! IS_PRESENT(ldt_descriptor)) {
      BX_ERROR(("task_switch(exception after commit point): LDT not present"));
      exception(BX_TS_EXCEPTION, raw_ldt_selector & 0xfffc);
    }

    // All checks pass, fill in LDTR shadow cache
    BX_CPU_THIS_PTR ldtr.cache = ldt_descriptor;
  }
  else {
    // NULL LDT selector is OK, leave cache invalid
  }

  if (v8086_mode()) {
    // load seg regs as 8086 registers
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS], raw_ss_selector);
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS], raw_ds_selector);
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES], raw_es_selector);
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS], raw_fs_selector);
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS], raw_gs_selector);
    load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS], raw_cs_selector);
    // CPL is set from CS selector
  }
  else {

    // SS
    // SS is validated first, while CPL is still forced to 3, and before
    // any data segment is loaded.
    if ((raw_ss_selector & 0xfffc) != 0)
    {
      bx_bool good = fetch_raw_descriptor2(&ss_selector, &dword1, &dword2);
      if (!good) {
        BX_ERROR(("task_switch(exception after commit point): bad SS fetch"));
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
      }

      parse_descriptor(dword1, dword2, &ss_descriptor);

      // SS selector must be within its descriptor table limits else #TS(SS)
      // SS descriptor AR byte must indicate writable data segment,
      // else #TS(SS)
      if (ss_descriptor.valid==0 || ss_descriptor.segment==0 ||
           IS_CODE_SEGMENT(ss_descriptor.type) ||
          !IS_DATA_SEGMENT_WRITEABLE(ss_descriptor.type))
      {
        BX_ERROR(("task_switch(exception after commit point): SS not valid or writeable segment"));
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
      }

      //
      // Stack segment is present in memory, else #SS(new stack segment)
      //
      if (! IS_PRESENT(ss_descriptor)) {
        BX_ERROR(("task_switch(exception after commit point): SS not present"));
        exception(BX_SS_EXCEPTION, raw_ss_selector & 0xfffc);
      }

      // Stack segment DPL matches CS.RPL, else #TS(new stack segment)
      if (ss_descriptor.dpl != cs_selector.rpl) {
        BX_ERROR(("task_switch(exception after commit point): SS.rpl != CS.RPL"));
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
      }

      // Stack segment DPL matches selector RPL, else #TS(new stack segment)
      if (ss_descriptor.dpl != ss_selector.rpl) {
        BX_ERROR(("task_switch(exception after commit point): SS.dpl != SS.rpl"));
        exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
      }

      touch_segment(&ss_selector, &ss_descriptor);

      // All checks pass, fill in shadow cache
      BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].cache = ss_descriptor;

      invalidate_stack_cache();
    }
    else {
      // SS selector is valid, else #TS(new stack segment)
      BX_ERROR(("task_switch(exception after commit point): SS NULL"));
      exception(BX_TS_EXCEPTION, raw_ss_selector & 0xfffc);
    }

    CPL = save_CPL;

    // DS/ES/FS/GS are checked against cs_selector.rpl (the new task's
    // intended privilege) by task_switch_load_selector().
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS],
        &ds_selector, raw_ds_selector, cs_selector.rpl);
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES],
        &es_selector, raw_es_selector, cs_selector.rpl);
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS],
        &fs_selector, raw_fs_selector, cs_selector.rpl);
    task_switch_load_selector(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS],
        &gs_selector, raw_gs_selector, cs_selector.rpl);

    // if new selector is not null then perform following checks:
    //    index must be within its descriptor table limits else #TS(selector)
    //    AR byte must indicate data or readable code else #TS(selector)
    //    if data or non-conforming code then:
    //      DPL must be >= CPL else #TS(selector)
    //      DPL must be >= RPL else #TS(selector)
    //    AR byte must indicate PRESENT else #NP(selector)
    //    load cache with new segment descriptor and set valid bit

    // CS
    if ((raw_cs_selector & 0xfffc) != 0) {
      bx_bool good = fetch_raw_descriptor2(&cs_selector, &dword1, &dword2);
      if (!good) {
        BX_ERROR(("task_switch(exception after commit point): bad CS fetch"));
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
      }

      parse_descriptor(dword1, dword2, &cs_descriptor);

      // CS descriptor AR byte must indicate code segment else #TS(CS)
      if (cs_descriptor.valid==0 || cs_descriptor.segment==0 ||
          IS_DATA_SEGMENT(cs_descriptor.type))
      {
        BX_ERROR(("task_switch(exception after commit point): CS not valid executable seg"));
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
      }

      // if non-conforming then DPL must equal selector RPL else #TS(CS)
      if (IS_CODE_SEGMENT_NON_CONFORMING(cs_descriptor.type) &&
          cs_descriptor.dpl != cs_selector.rpl)
      {
        BX_ERROR(("task_switch(exception after commit point): non-conforming: CS.dpl!=CS.RPL"));
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
      }

      // if conforming then DPL must be <= selector RPL else #TS(CS)
      if (IS_CODE_SEGMENT_CONFORMING(cs_descriptor.type) &&
          cs_descriptor.dpl > cs_selector.rpl)
      {
        BX_ERROR(("task_switch(exception after commit point): conforming: CS.dpl>RPL"));
        exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
      }

      // Code segment is present in memory, else #NP(new code segment)
      if (! IS_PRESENT(cs_descriptor)) {
        BX_ERROR(("task_switch(exception after commit point): CS.p==0"));
        exception(BX_NP_EXCEPTION, raw_cs_selector & 0xfffc);
      }

      touch_segment(&cs_selector, &cs_descriptor);

#ifdef BX_SUPPORT_CS_LIMIT_DEMOTION
      // Handle special case of CS.LIMIT demotion (new descriptor limit is smaller than current one)
      if (BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled > cs_descriptor.u.segment.limit_scaled)
        BX_CPU_THIS_PTR iCache.flushICacheEntries();
#endif

      // All checks pass, fill in shadow cache
      BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache = cs_descriptor;
    }
    else {
      // If new cs selector is null #TS(CS)
      BX_ERROR(("task_switch(exception after commit point): CS NULL"));
      exception(BX_TS_EXCEPTION, raw_cs_selector & 0xfffc);
    }

    updateFetchModeMask(/* CS reloaded */);

#if BX_CPU_LEVEL >= 4
    handleAlignmentCheck(); // task switch, CPL was modified
#endif
  }

  // T bit of a 386 TSS: arm the task-switch debug trap so it is raised
  // before the first instruction of the new task.
  if (tss_descriptor->type >= 9 && (trap_word & 0x1)) {
    BX_CPU_THIS_PTR debug_trap |= BX_DEBUG_TRAP_TASK_SWITCH_BIT; // BT flag
    BX_CPU_THIS_PTR async_event = 1; // so processor knows to check
    BX_INFO(("task_switch: T bit set in new TSS"));
  }

#if BX_CPU_LEVEL >= 6
  handleSseModeChange(); /* CR0.TS changes */
#if BX_SUPPORT_AVX
  handleAvxModeChange();
#endif
#endif

  //
  // Step 12: Begin execution of new task.
  //
  BX_DEBUG(("TASKING: LEAVE"));

  RSP_SPECULATIVE;

  // push error code onto stack
  // This uses the new task's SS/ESP, so it runs only after SS has been
  // validated above.
  if (push_error) {
    if (tss_descriptor->type >= 9) // TSS386
      push_32(error_code);
    else
      push_16(error_code);
  }

  // instruction pointer must be in CS limit, else #GP(0)
  if (EIP > BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS].cache.u.segment.limit_scaled) {
    BX_ERROR(("task_switch: EIP > CS.limit"));
    exception(BX_GP_EXCEPTION, 0);
  }

  RSP_COMMIT;
}
735
 
736
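// Load one data/stack segment register (SS, DS, ES, FS or GS) with the
// selector read from the incoming TSS, as the last phase of task_switch().
//
// This runs after task_switch()'s commit point, so every check that fails
// here raises #TS/#NP in the context of the *new* task.  exception() is
// relied upon not to return: the descriptor parse below uses dword1/dword2
// unconditionally, which is only valid when the fetch succeeded.
//
// These checks are what keeps the ring model intact across a task switch:
// a TSS that names a segment which is not present, is not data / readable
// code, or whose DPL is more privileged than both the selector's RPL and
// the new CPL must fault rather than have the segment loaded.
//
//   seg          - shadow segment register whose descriptor cache is filled
//                  when all checks pass (left untouched for a null selector,
//                  i.e. the cache stays invalid)
//   selector     - parsed form of raw_selector (index / TI / RPL fields)
//   raw_selector - raw selector value; with the RPL bits cleared it is the
//                  error code pushed for #TS/#NP
//   cs_rpl       - RPL of the new task's CS, used as the CPL in the
//                  "RPL and CPL must be <= DPL" privilege test
void BX_CPU_C::task_switch_load_selector(bx_segment_reg_t *seg,
                 bx_selector_t *selector, Bit16u raw_selector, Bit8u cs_rpl)
{
  bx_descriptor_t descriptor;
  Bit32u dword1, dword2;
  // selector with RPL bits cleared: doubles as the null-selector test and
  // as the error code of every #TS/#NP raised below
  const Bit16u masked_selector = raw_selector & 0xfffc;

  // NULL selector is OK, will leave cache invalid
  if (masked_selector != 0)
  {
    bx_bool good = fetch_raw_descriptor2(selector, &dword1, &dword2);
    if (!good) {
      BX_ERROR(("task_switch(%s): bad selector fetch !", strseg(seg)));
      exception(BX_TS_EXCEPTION, masked_selector);
    }

    parse_descriptor(dword1, dword2, &descriptor);

    /* AR byte must indicate data or readable code segment else #TS(selector) */
    if (descriptor.segment==0 || (IS_CODE_SEGMENT(descriptor.type) &&
        IS_CODE_SEGMENT_READABLE(descriptor.type) == 0))
    {
      BX_ERROR(("task_switch(%s): not data or readable code !", strseg(seg)));
      exception(BX_TS_EXCEPTION, masked_selector);
    }

    /* If data or non-conforming code, then both the RPL and the CPL
     * must be less than or equal to DPL in AR byte else #TS(selector).
     * (Conforming code is exempt: it may be executed from any outer ring.) */
    if (IS_DATA_SEGMENT(descriptor.type) ||
        IS_CODE_SEGMENT_NON_CONFORMING(descriptor.type))
    {
      if ((selector->rpl > descriptor.dpl) || (cs_rpl > descriptor.dpl)) {
        // message names this function (not load_seg_reg) so a log line can
        // be attributed to the task-switch path
        BX_ERROR(("task_switch(%s): RPL & CPL must be <= DPL", strseg(seg)));
        exception(BX_TS_EXCEPTION, masked_selector);
      }
    }

    // segment must be present in memory, else #NP(selector)
    if (! IS_PRESENT(descriptor)) {
      BX_ERROR(("task_switch(%s): descriptor not present !", strseg(seg)));
      exception(BX_NP_EXCEPTION, masked_selector);
    }

    touch_segment(selector, &descriptor);

    // All checks pass, fill in shadow cache
    seg->cache = descriptor;
  }
}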
 
// Read the SS:ESP pair that the current task's TSS holds for privilege
// level pl (used when a stack switch to an inner ring is required).
//
//   pl  - target privilege level; selects the stack slot inside the TSS
//   ss  - out: stack segment selector stored in the TSS
//   esp - out: stack pointer stored in the TSS (zero-extended for a 286 TSS)
//
// The slot is only read when it lies entirely within the TSS limit; an
// undersized TSS raises #TS with the TR selector as error code.  A TR whose
// cache is invalid or of a non-TSS type is a bug in the emulator's own
// bookkeeping (the guest cannot reach that state), hence BX_PANIC.
void BX_CPU_C::get_SS_ESP_from_TSS(unsigned pl, Bit16u *ss, Bit32u *esp)
{
  const bx_descriptor_t &tr_cache = BX_CPU_THIS_PTR tr.cache;

  if (tr_cache.valid==0)
    BX_PANIC(("get_SS_ESP_from_TSS: TR.cache invalid"));

  switch (tr_cache.type) {
    case BX_SYS_SEGMENT_AVAIL_386_TSS:
    case BX_SYS_SEGMENT_BUSY_386_TSS:
    {
      // 32-bit TSS: each ring has an 8-byte slot (ESP dword, then SS word)
      const Bit32u slot = 8*pl + 4;
      // the full 8-byte slot must fit inside the TSS, else #TS(TR)
      if ((slot+7) > tr_cache.u.segment.limit_scaled) {
        BX_DEBUG(("get_SS_ESP_from_TSS(386): TSSstackaddr > TSS.LIMIT"));
        exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
      }
      *ss  = system_read_word (tr_cache.u.segment.base + slot + 4);
      *esp = system_read_dword(tr_cache.u.segment.base + slot);
      break;
    }

    case BX_SYS_SEGMENT_AVAIL_286_TSS:
    case BX_SYS_SEGMENT_BUSY_286_TSS:
    {
      // 16-bit TSS: each ring has a 4-byte slot (SP word, then SS word)
      const Bit32u slot = 4*pl + 2;
      // the full 4-byte slot must fit inside the TSS, else #TS(TR)
      if ((slot+3) > tr_cache.u.segment.limit_scaled) {
        BX_DEBUG(("get_SS_ESP_from_TSS(286): TSSstackaddr > TSS.LIMIT"));
        exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
      }
      *ss  =          system_read_word(tr_cache.u.segment.base + slot + 2);
      *esp = (Bit32u) system_read_word(tr_cache.u.segment.base + slot);
      break;
    }

    default:
      BX_PANIC(("get_SS_ESP_from_TSS: TR is bogus type (%u)", (unsigned) tr_cache.type));
  }
}
 
#if BX_SUPPORT_X86_64
// Read the RSP that the current task's 64-bit TSS holds for privilege
// level pl (long-mode stack switch to an inner ring).
//
//   pl - target privilege level; selects the RSPn slot inside the TSS
//
// Returns the stack pointer read from the TSS.  Raises #TS(TR) when the
// 8-byte slot does not fit inside the TSS limit, and #SS (error code = the
// current SS selector) when the value read is not a canonical address, so a
// bogus TSS entry cannot become the stack pointer of a more privileged
// ring.  An invalid TR cache is an emulator bookkeeping bug, hence BX_PANIC.
Bit64u BX_CPU_C::get_RSP_from_TSS(unsigned pl)
{
  const bx_descriptor_t &tr_cache = BX_CPU_THIS_PTR tr.cache;

  if (tr_cache.valid==0)
    BX_PANIC(("get_RSP_from_TSS: TR.cache invalid"));

  // 64-bit TSS: RSPn for ring pl is the qword at 8*pl + 4
  const Bit32u slot = 8*pl + 4;
  if ((slot+7) > tr_cache.u.segment.limit_scaled) {
    BX_DEBUG(("get_RSP_from_TSS(): TSSstackaddr > TSS.LIMIT"));
    exception(BX_TS_EXCEPTION, BX_CPU_THIS_PTR tr.selector.value & 0xfffc);
  }

  const Bit64u rsp = system_read_qword(tr_cache.u.segment.base + slot);

  if (! IsCanonical(rsp)) {
    BX_ERROR(("get_RSP_from_TSS: canonical address failure 0x%08x%08x", GET32H(rsp), GET32L(rsp)));
    exception(BX_SS_EXCEPTION, BX_CPU_THIS_PTR sregs[BX_SEG_REG_SS].selector.value & 0xfffc);
  }

  return rsp;
}
#endif  // #if BX_SUPPORT_X86_64
