diff options
Diffstat (limited to 'src/VBox/Devices/PC/BIOS/invop.c')
-rw-r--r-- | src/VBox/Devices/PC/BIOS/invop.c | 360 |
1 files changed, 360 insertions, 0 deletions
diff --git a/src/VBox/Devices/PC/BIOS/invop.c b/src/VBox/Devices/PC/BIOS/invop.c new file mode 100644 index 00000000..f8c77144 --- /dev/null +++ b/src/VBox/Devices/PC/BIOS/invop.c @@ -0,0 +1,360 @@ +/* $Id: invop.c $ */ +/** @file + * Real mode invalid opcode handler. + */ + +/* + * Copyright (C) 2013-2022 Oracle and/or its affiliates. + * + * This file is part of VirtualBox base platform packages, as + * available from https://www.virtualbox.org. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, in version 3 of the + * License. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses>. + * + * SPDX-License-Identifier: GPL-3.0-only + */ + +#include <stdint.h> +#include <string.h> +#include "biosint.h" +#include "inlines.h" + +//#define EMU_386_LOADALL + +/* The layout of 286 LOADALL descriptors. */ +typedef struct tag_ldall_desc { + uint16_t base_lo; /* Bits 0-15 of segment base. */ + uint8_t base_hi; /* Bits 16-13 of segment base. */ + uint8_t attr; /* Segment attributes. */ + uint16_t limit; /* Segment limit. */ +} ldall_desc; + +/* The 286 LOADALL memory buffer at physical address 800h. From + * The Undocumented PC. + */ +typedef struct tag_ldall_286 { + uint16_t unused1[3]; + uint16_t msw; /* 806h */ + uint16_t unused2[7]; + uint16_t tr; /* 816h */ + uint16_t flags; /* 818h */ + uint16_t ip; /* 81Ah */ + uint16_t ldt; /* 81Ch */ + uint16_t ds; /* 81Eh */ + uint16_t ss; /* 820h */ + uint16_t cs; /* 822h */ + uint16_t es; /* 824h */ + uint16_t di; /* 826h */ + uint16_t si; /* 828h */ + uint16_t bp; /* 82Ah */ + uint16_t sp; /* 82Ch */ + uint16_t bx; /* 82Eh */ + uint16_t dx; /* 830h */ + uint16_t cx; /* 832h */ + uint16_t ax; /* 834h */ + ldall_desc es_desc; /* 836h */ + ldall_desc cs_desc; /* 83Ch */ + ldall_desc ss_desc; /* 842h */ + ldall_desc ds_desc; /* 848h */ + ldall_desc gdt_desc; /* 84Eh */ + ldall_desc ldt_desc; /* 854h */ + ldall_desc idt_desc; /* 85Ah */ + ldall_desc tss_desc; /* 860h */ +} ldall_286_s; +ct_assert(sizeof(ldall_286_s) == 0x66); + +#ifdef EMU_386_LOADALL + +/* The layout of 386 LOADALL descriptors. */ +typedef struct tag_ldal3_desc { + uint32_t attr; /* Segment attributes. */ + uint32_t base; /* Expanded segment base. */ + uint32_t limit; /* Expanded segment limit. */ +} ldal3_desc; + +/* The 386 LOADALL memory buffer pointed to by ES:EDI. + */ +typedef struct tag_ldall_386 { + uint32_t cr0; /* 00h */ + uint32_t eflags; /* 04h */ + uint32_t eip; /* 08h */ + uint32_t edi; /* 0Ch */ + uint32_t esi; /* 10h */ + uint32_t ebp; /* 14h */ + uint32_t esp; /* 18h */ + uint32_t ebx; /* 1Ch */ + uint32_t edx; /* 20h */ + uint32_t ecx; /* 24h */ + uint32_t eax; /* 28h */ + uint32_t dr6; /* 2Ch */ + uint32_t dr7; /* 30h */ + uint32_t tr; /* 34h */ + uint32_t ldt; /* 38h */ + uint32_t gs; /* 3Ch */ + uint32_t fs; /* 40h */ + uint32_t ds; /* 44h */ + uint32_t ss; /* 4Ch */ + uint32_t cs; /* 48h */ + uint32_t es; /* 50h */ + ldal3_desc tss_desc; /* 54h */ + ldal3_desc idt_desc; /* 60h */ + ldal3_desc gdt_desc; /* 6Ch */ + ldal3_desc ldt_desc; /* 78h */ + ldal3_desc gs_desc; /* 84h */ + ldal3_desc fs_desc; /* 90h */ + ldal3_desc ds_desc; /* 9Ch */ + ldal3_desc ss_desc; /* A8h */ + ldal3_desc cs_desc; /* B4h */ + ldal3_desc es_desc; /* C0h */ +} ldall_386_s; +ct_assert(sizeof(ldall_386_s) == 0xCC); + +#endif + +/* + * LOADALL emulation assumptions: + * - MSW indicates real mode + * - Standard real mode CS and SS is to be used + * - Segment values of non-RM segments (if any) do not matter + * - Standard segment attributes are used + */ + +/* A wrapper for LIDT. */ +void load_idtr(uint32_t base, uint16_t limit); +#pragma aux load_idtr = \ + ".286p" \ + "mov bx, sp" \ + "lidt fword ptr ss:[bx]"\ + parm caller reverse [] modify [bx] exact; + +/* A wrapper for LGDT. */ +void load_gdtr(uint32_t base, uint16_t limit); +#pragma aux load_gdtr = \ + ".286p" \ + "mov bx, sp" \ + "lgdt fword ptr ss:[bx]"\ + parm caller reverse [] modify [bx] exact; + +/* Load DS/ES as real-mode segments. May be overwritten later. + * NB: Loads SS with 80h to address the LOADALL buffer. Must + * not touch CX! + */ +void load_rm_segs(int seg_flags); +#pragma aux load_rm_segs = \ + "mov ax, 80h" \ + "mov ss, ax" \ + "mov ax, ss:[1Eh]" \ + "mov ds, ax" \ + "mov ax, ss:[24h]" \ + "mov es, ax" \ + parm [cx] nomemory modify nomemory; + +/* Briefly switch to protected mode and load ES and/or DS if necessary. + * NB: Trashes high bits of EAX, but that should be safe. Expects flags + * in CX. + */ +void load_pm_segs(void); +#pragma aux load_pm_segs = \ + ".386p" \ + "smsw ax" \ + "inc ax" \ + "lmsw ax" \ + "mov ax, 8" \ + "test cx, 1" \ + "jz skip_es" \ + "mov es, ax" \ + "skip_es:" \ + "test cx, 2" \ + "jz skip_ds" \ + "mov bx,ss:[00h]" \ + "mov ss:[08h], bx" \ + "mov bx,ss:[02h]" \ + "mov ss:[0Ah], bx" \ + "mov bx,ss:[04h]" \ + "mov ss:[0Ch], bx" \ + "mov ds, ax" \ + "skip_ds:" \ + "mov eax, cr0" \ + "dec ax" \ + "mov cr0, eax" \ + parm nomemory modify nomemory; + +/* Complete LOADALL emulation: Restore general-purpose registers, stack + * pointer, and CS:IP. NB: The LOADALL instruction stores registers in + * the same order as PUSHA. Surprise, surprise! + */ +void ldall_finish(void); +#pragma aux ldall_finish = \ + ".286" \ + "mov sp, 26h" \ + "popa" \ + "mov sp, ss:[2Ch]" \ + "sub sp, 6" \ + "mov ss, ss:[20h]" \ + "iret" \ + parm nomemory modify nomemory aborts; + +#ifdef EMU_386_LOADALL + +/* 386 version of the above. */ +void ldal3_finish(void); +#pragma aux ldal3_finish = \ + ".386" \ + "mov sp, 28h" \ + "popad" \ + "mov sp, ss:[18h]" \ + "sub sp, 6" \ + "mov ss, ss:[48h]" \ + "iret" \ + parm nomemory modify nomemory aborts; + +/* 386 version of load_rm_segs. + * NB: Must not touch CX! + */ +void load_rm_seg3(int seg_flags, uint16_t ss_base); +#pragma aux load_rm_seg3 = \ + "mov ss, ax" \ + "mov ax, ss:[44h]" \ + "mov ds, ax" \ + "mov ax, ss:[50h]" \ + "mov es, ax" \ + parm [ax] [cx] nomemory modify nomemory; + +#endif + +#define LOAD_ES 0x01 /* ES needs to be loaded in protected mode. */ +#define LOAD_DS 0x02 /* DS needs to be loaded in protected mode. */ + +/* + * The invalid opcode handler exists to work around fishy application + * code and paper over CPU generation differences: + * + * - Skip redundant LOCK prefixes (allowed on 8086, #UD on 286+). + * - Emulate just enough of 286 LOADALL. + * + */ +void BIOSCALL inv_op_handler(uint16_t ds, uint16_t es, pusha_regs_t gr, volatile iret_addr_t ra) +{ + void __far *ins = ra.cs :> ra.ip; + + if (*(uint8_t __far *)ins == 0xF0) { + /* LOCK prefix - skip over it and try again. */ + ++ra.ip; + } else if (*(uint16_t __far *)ins == 0x050F) { + /* 286 LOADALL. NB: Same opcode as SYSCALL. */ + ldall_286_s __far *ldbuf = 0 :> 0x800; + iret_addr_t __far *ret_addr; + uint32_t seg_base; + int seg_flags = 0; + + /* One of the challenges is that we must restore SS:SP as well + * as CS:IP and FLAGS from the LOADALL buffer. We copy CS/IP/FLAGS + * from the buffer just below the SS:SP values from the buffer so + * that we can eventually IRET to the desired CS/IP/FLAGS/SS/SP + * values in one go. + */ + ret_addr = ldbuf->ss :> (ldbuf->sp - sizeof(iret_addr_t)); + ret_addr->ip = ldbuf->ip; + ret_addr->cs = ldbuf->cs; + ret_addr->flags.u.r16.flags = ldbuf->flags; + + /* Examine ES/DS. */ + seg_base = ldbuf->es_desc.base_lo | (uint32_t)ldbuf->es_desc.base_hi << 16; + if (seg_base != (uint32_t)ldbuf->es << 4) + seg_flags |= LOAD_ES; + seg_base = ldbuf->ds_desc.base_lo | (uint32_t)ldbuf->ds_desc.base_hi << 16; + if (seg_base != (uint32_t)ldbuf->ds << 4) + seg_flags |= LOAD_DS; + + /* The LOADALL buffer doubles as a tiny GDT. */ + load_gdtr(0x800, 4 * 8 - 1); + + /* Store the ES base/limit/attributes in the unused words (GDT selector 8). */ + ldbuf->unused2[0] = ldbuf->es_desc.limit; + ldbuf->unused2[1] = ldbuf->es_desc.base_lo; + ldbuf->unused2[2] = (ldbuf->es_desc.attr << 8) | ldbuf->es_desc.base_hi; + ldbuf->unused2[3] = 0; + + /* Store the DS base/limit/attributes in other unused words. */ + ldbuf->unused1[0] = ldbuf->ds_desc.limit; + ldbuf->unused1[1] = ldbuf->ds_desc.base_lo; + ldbuf->unused1[2] = (ldbuf->ds_desc.attr << 8) | ldbuf->ds_desc.base_hi; + + /* Load the IDTR as specified. */ + seg_base = ldbuf->idt_desc.base_lo | (uint32_t)ldbuf->idt_desc.base_hi << 16; + load_idtr(seg_base, ldbuf->idt_desc.limit); + + /* Do the tricky bits now. */ + load_rm_segs(seg_flags); + load_pm_segs(); + ldall_finish(); +#ifdef EMU_386_LOADALL + } else if (*(uint16_t __far *)ins == 0x070F) { + /* 386 LOADALL. NB: Same opcode as SYSRET. */ + ldall_386_s __far *ldbuf = (void __far *)es :> gr.u.r16.di; /* Assume 16-bit value in EDI. */ + ldall_286_s __far *ldbuf2 = 0 :> 0x800; + iret_addr_t __far *ret_addr; + uint32_t seg_base; + int seg_flags = 0; + + /* NB: BIG FAT ASSUMPTION! Users of 386 LOADALL are assumed to also + * have a 286 LOADALL buffer at physical address 800h. We use unused fields + * in that buffer for temporary storage. + */ + + /* Set up return stack. */ + ret_addr = ldbuf->ss :> (ldbuf->esp - sizeof(iret_addr_t)); + ret_addr->ip = ldbuf->eip; + ret_addr->cs = ldbuf->cs; + ret_addr->flags.u.r16.flags = ldbuf->eflags; + + /* Examine ES/DS. */ + seg_base = ldbuf->es_desc.base; + if (seg_base != (uint32_t)ldbuf->es << 4) + seg_flags |= LOAD_ES; + seg_base = ldbuf->ds_desc.base; + if (seg_base != (uint32_t)ldbuf->ds << 4) + seg_flags |= LOAD_DS; + + /* The LOADALL buffer doubles as a tiny GDT. */ + load_gdtr(0x800, 4 * 8 - 1); + + /* Store the ES base/limit/attributes in the unused words (GDT selector 8). */ + ldbuf2->unused2[0] = ldbuf->es_desc.limit; + ldbuf2->unused2[1] = (uint16_t)ldbuf->es_desc.base; + ldbuf2->unused2[2] = (ldbuf->es_desc.attr & 0xFF00) | (ldbuf->es_desc.base >> 16); + ldbuf2->unused2[3] = 0; + + /* Store the DS base/limit/attributes in other unused words. */ + ldbuf2->unused1[0] = ldbuf->ds_desc.limit; + ldbuf2->unused1[1] = (uint16_t)ldbuf->ds_desc.base; + ldbuf2->unused1[2] = (ldbuf->ds_desc.attr & 0xFF00) | (ldbuf->ds_desc.base >> 16); + + /* Load the IDTR as specified. */ + seg_base = ldbuf->idt_desc.base; + load_idtr(seg_base, ldbuf->idt_desc.limit); + + /* Do the tricky bits now. */ + load_rm_seg3(es, seg_flags); + load_pm_segs(); + ldal3_finish(); +#endif + } else { + /* There isn't much point in executing the invalid opcode handler + * in an endless loop, so halt right here. + */ + int_enable(); + halt_forever(); + } +} |