cmps and scas instructions accept repeat prefixes F3 and F2. So in
order to emulate those prefixed instructions we need to be able to know
if prefixes are REP/REPE/REPZ or REPNE/REPNZ. Currently kvm doesn't make
this distinction. This patch introduces this distinction.
Signed-off-by: NGuillaume Thouvenin <guillaume.thouvenin@ext.bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Instead of fetching one byte at a time, prefetch 15 bytes (or until the next
page boundary) to avoid guest page table walks.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

The current 'lods' and 'stos' is depending on incoming CR2 rather than decode
memory address from registers.
Signed-off-by: NSheng Yang <sheng.yang@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

it is removed beacuse it isnt supported on a real host
Signed-off-by: NIzik Eidus <izike@qumranet.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Signed-off-by: NAvi Kivity <avi@qumranet.com>

Now that rex_prefix is part of the decode cache, there is no need to pass
it along.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Instructions like 'inc reg' that have the register operand encoded
in the opcode are currently specially decoded.  Extend
decode_register_operand() to handle that case, indicated by having
DstReg or SrcReg without ModRM.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Share the common parts of SrcReg and DstReg decoding.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

The 'mov abs' instruction family (opcodes 0xa0 - 0xa3) still depends on cr2
provided by the page fault handler.  This is wrong for several reasons:

- if an instruction accessed misaligned data that crosses a page boundary,
  and if the fault happened on the second page, cr2 will point at the
  second page, not the data itself.

- if we're emulating in real mode, or due to a FlexPriority exit, there
  is no cr2 generated.

So, this change adds decoding for this instruction form and drops reliance
on cr2.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

First step to split kvm_vcpu.  Currently, we just use an macro to define
the common fields in kvm_vcpu for all archs, and all archs need to define
its own kvm_vcpu struct.
Signed-off-by: NZhang Xiantao <xiantao.zhang@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Instruction: cmc, clc, cli, sti
opcodes: 0xf5, 0xf8, 0xfa, 0xfb respectively.

[avi: fix reference to EFLG_IF which is not defined anywhere]
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Instructions:
	inc r16/r32 (opcode 0x40-0x47)
	dec r16/r32 (opcode 0x48-0x4f)
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Signed-off-by: NMike D. Day <ncmike@ncultra.org>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

This patch modifies the management of REX prefix according behavior
I saw in Xen 3.1.  In Xen, this modification has been introduced by
Jan Beulich.

http://lists.xensource.com/archives/html/xen-changelog/2007-01/msg00081.htmlSigned-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Signed-off-by: NQing He <qing.he@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Remove no_wb, use dst.type = OP_NONE instead, idea stollen from xen-3.1
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Remove _eflags and use directly ctxt->eflags. Caching eflags is not needed as
it is restored to vcpu by kvm_main.c:emulate_instruction() from ctxt->eflags
only if emulation doesn't fail.
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

To improve readability, move push, writeback, and grp 1a/2/3/4/5/9 emulation
parts into functions.
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Move emulate_ctxt to kvm_vcpu to keep emulate context when we exit from kvm
module. Call x86_decode_insn() only when needed. Modify x86_emulate_insn() to
not modify the context if it must be re-entered.
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

emulate_instruction() calls now x86_decode_insn() and x86_emulate_insn().
x86_emulate_insn() is x86_emulate_memop() without the decoding part.
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Split the decoding process into a new function x86_decode_insn().
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Move all x86_emulate_memop() common variables between decode and execute to a
structure decode_cache.  This will help in later separating decode and
emulate.

            struct decode_cache {
                u8 twobyte;
                u8 b;
                u8 lock_prefix;
                u8 rep_prefix;
                u8 op_bytes;
                u8 ad_bytes;
                struct operand src;
                struct operand dst;
                unsigned long *override_base;
                unsigned int d;
                unsigned long regs[NR_VCPU_REGS];
                unsigned long eip;
                /* modrm */
                u8 modrm;
                u8 modrm_mod;
                u8 modrm_reg;
                u8 modrm_rm;
                u8 use_modrm_ea;
                unsigned long modrm_ea;
                unsigned long modrm_val;
           };
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Remove #ifdef functions never used
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

This patch refactors the current hypercall infrastructure to better
support live migration and SMP.  It eliminates the hypercall page by
trapping the UD exception that would occur if you used the wrong hypercall
instruction for the underlying architecture and replacing it with the right
one lazily.

A fall-out of this patch is that the unhandled hypercalls no longer trap to
userspace.  There is very little reason though to use a hypercall to
communicate with userspace as PIO or MMIO can be used.  There is no code
in tree that uses userspace hypercalls.

[avi: fix #ud injection on vmx]
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Add vmmcall/vmcall to x86_emulate.  Future patch will implement functionality
for these instructions.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

emulator_write_std() is not implemented, and calling write_emulated should
work just as well in place of write_std.

Fixes emulator failures with the push r/m instruction.
Signed-off-by: NAmit Shah <amit.shah@qumranet.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

this make sure that no matter what is the operand size,
all the value of the eip will be saved
Signed-off-by: NIzik Eidus <izike@qumranet.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Change JMP_REL to call to register_address_increment(): the operands size
should not effect the calculation of the eip, instead the ad_bytes should
affect it.
Signed-off-by: NIzik Eidus <izike@qumranet.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Emulate the 'invd' instruction (opcode 0f 08).
Signed-off-by: NAvi Kivity <avi@qumranet.com>

'push imm8' found itself in the wrong switch somehow, so it is never executed.

This fixes Windows 2003 installation.
Signed-off-by: NAvi Kivity <avi@qumranet.com>

The patch belows changes the access type to register from memory for
instructions that are declared as SrcMem or DstMem, but have a
ModR/M byte with Mod = 3.

It fixes (at least) the lmsw and smsw instructions on an AMD64 CPU,
which are needed for FreeBSD.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of instruction:
    movnti m32/m64, r32/r64
    opcode: 0x0f 0xc3
Signed-off-by: NSheng Yang <sheng.yang@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

The repnz/repne instructions must set rep_prefix to 1 like rep/repe/repz.

This patch correct the disk probe problem met with OpenBSD.

This issue appears with commit e70669ab
because before it, the decoding was done internally to kvm and after it
is done by x86_emulate.c (which doesn't do it correctly).
Signed-off-by: NLaurent Vivier <Laurent.Vivier@bull.net>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

This code has gone to wrong place in the file. Moving it back to
right location.
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of instruction:
    popf
    opcode:  0x9d
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Some operand fetches are less than the machine word size and can result in
stale bits if used together with operands of different sizes.
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of instruction:
    jump absolute r/m
    opcode: 0xff /4
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of instruction
    lea r16/r32, m
    opcode:  0x8d:
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of more jump conditional instructions
    jcc shortrel
    opcodes: 0x70 - 0x7f
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>

Implement emulation of instruction:
    jump conditional rel
    opcodes: 0x0f 0x80 - 0x0f 0x8f
Signed-off-by: NNitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: NAvi Kivity <avi@qumranet.com>