LXR qemu/target/i386/helper.c

   1/*
   2 *  i386 helpers (without register variable usage)
   3 *
   4 *  Copyright (c) 2003 Fabrice Bellard
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20#include "qemu/osdep.h"
  21#include "qapi/qapi-events-run-state.h"
  22#include "cpu.h"
  23#include "exec/exec-all.h"
  24#include "sysemu/runstate.h"
  25#include "kvm/kvm_i386.h"
  26#ifndef CONFIG_USER_ONLY
  27#include "sysemu/hw_accel.h"
  28#include "monitor/monitor.h"
  29#endif
  30#include "qemu/log.h"
  31
  32void cpu_sync_bndcs_hflags(CPUX86State *env)
  33{
  34    uint32_t hflags = env->hflags;
  35    uint32_t hflags2 = env->hflags2;
  36    uint32_t bndcsr;
  37
  38    if ((hflags & HF_CPL_MASK) == 3) {
  39        bndcsr = env->bndcs_regs.cfgu;
  40    } else {
  41        bndcsr = env->msr_bndcfgs;
  42    }
  43
  44    if ((env->cr[4] & CR4_OSXSAVE_MASK)
  45        && (env->xcr0 & XSTATE_BNDCSR_MASK)
  46        && (bndcsr & BNDCFG_ENABLE)) {
  47        hflags |= HF_MPX_EN_MASK;
  48    } else {
  49        hflags &= ~HF_MPX_EN_MASK;
  50    }
  51
  52    if (bndcsr & BNDCFG_BNDPRESERVE) {
  53        hflags2 |= HF2_MPX_PR_MASK;
  54    } else {
  55        hflags2 &= ~HF2_MPX_PR_MASK;
  56    }
  57
  58    env->hflags = hflags;
  59    env->hflags2 = hflags2;
  60}
  61
  62static void cpu_x86_version(CPUX86State *env, int *family, int *model)
  63{
  64    int cpuver = env->cpuid_version;
  65
  66    if (family == NULL || model == NULL) {
  67        return;
  68    }
  69
  70    *family = (cpuver >> 8) & 0x0f;
  71    *model = ((cpuver >> 12) & 0xf0) + ((cpuver >> 4) & 0x0f);
  72}
  73
  74/* Broadcast MCA signal for processor version 06H_EH and above */
  75int cpu_x86_support_mca_broadcast(CPUX86State *env)
  76{
  77    int family = 0;
  78    int model = 0;
  79
  80    cpu_x86_version(env, &family, &model);
  81    if ((family == 6 && model >= 14) || family > 6) {
  82        return 1;
  83    }
  84
  85    return 0;
  86}
  87
  88/***********************************************************/
  89/* x86 mmu */
  90/* XXX: add PGE support */
  91
  92void x86_cpu_set_a20(X86CPU *cpu, int a20_state)
  93{
  94    CPUX86State *env = &cpu->env;
  95
  96    a20_state = (a20_state != 0);
  97    if (a20_state != ((env->a20_mask >> 20) & 1)) {
  98        CPUState *cs = CPU(cpu);
  99
 100        qemu_log_mask(CPU_LOG_MMU, "A20 update: a20=%d\n", a20_state);
 101        /* if the cpu is currently executing code, we must unlink it and
 102           all the potentially executing TB */
 103        cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
 104
 105        /* when a20 is changed, all the MMU mappings are invalid, so
 106           we must flush everything */
 107        tlb_flush(cs);
 108        env->a20_mask = ~(1 << 20) | (a20_state << 20);
 109    }
 110}
 111
 112void cpu_x86_update_cr0(CPUX86State *env, uint32_t new_cr0)
 113{
 114    X86CPU *cpu = env_archcpu(env);
 115    int pe_state;
 116
 117    qemu_log_mask(CPU_LOG_MMU, "CR0 update: CR0=0x%08x\n", new_cr0);
 118    if ((new_cr0 & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK)) !=
 119        (env->cr[0] & (CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK))) {
 120        tlb_flush(CPU(cpu));
 121    }
 122
 123#ifdef TARGET_X86_64
 124    if (!(env->cr[0] & CR0_PG_MASK) && (new_cr0 & CR0_PG_MASK) &&
 125        (env->efer & MSR_EFER_LME)) {
 126        /* enter in long mode */
 127        /* XXX: generate an exception */
 128        if (!(env->cr[4] & CR4_PAE_MASK))
 129            return;
 130        env->efer |= MSR_EFER_LMA;
 131        env->hflags |= HF_LMA_MASK;
 132    } else if ((env->cr[0] & CR0_PG_MASK) && !(new_cr0 & CR0_PG_MASK) &&
 133               (env->efer & MSR_EFER_LMA)) {
 134        /* exit long mode */
 135        env->efer &= ~MSR_EFER_LMA;
 136        env->hflags &= ~(HF_LMA_MASK | HF_CS64_MASK);
 137        env->eip &= 0xffffffff;
 138    }
 139#endif
 140    env->cr[0] = new_cr0 | CR0_ET_MASK;
 141
 142    /* update PE flag in hidden flags */
 143    pe_state = (env->cr[0] & CR0_PE_MASK);
 144    env->hflags = (env->hflags & ~HF_PE_MASK) | (pe_state << HF_PE_SHIFT);
 145    /* ensure that ADDSEG is always set in real mode */
 146    env->hflags |= ((pe_state ^ 1) << HF_ADDSEG_SHIFT);
 147    /* update FPU flags */
 148    env->hflags = (env->hflags & ~(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK)) |
 149        ((new_cr0 << (HF_MP_SHIFT - 1)) & (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK));
 150}
 151
 152/* XXX: in legacy PAE mode, generate a GPF if reserved bits are set in
 153   the PDPT */
 154void cpu_x86_update_cr3(CPUX86State *env, target_ulong new_cr3)
 155{
 156    env->cr[3] = new_cr3;
 157    if (env->cr[0] & CR0_PG_MASK) {
 158        qemu_log_mask(CPU_LOG_MMU,
 159                        "CR3 update: CR3=" TARGET_FMT_lx "\n", new_cr3);
 160        tlb_flush(env_cpu(env));
 161    }
 162}
 163
 164void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
 165{
 166    uint32_t hflags;
 167
 168#if defined(DEBUG_MMU)
 169    printf("CR4 update: %08x -> %08x\n", (uint32_t)env->cr[4], new_cr4);
 170#endif
 171    if ((new_cr4 ^ env->cr[4]) &
 172        (CR4_PGE_MASK | CR4_PAE_MASK | CR4_PSE_MASK |
 173         CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_LA57_MASK)) {
 174        tlb_flush(env_cpu(env));
 175    }
 176
 177    /* Clear bits we're going to recompute.  */
 178    hflags = env->hflags & ~(HF_OSFXSR_MASK | HF_SMAP_MASK | HF_UMIP_MASK);
 179
 180    /* SSE handling */
 181    if (!(env->features[FEAT_1_EDX] & CPUID_SSE)) {
 182        new_cr4 &= ~CR4_OSFXSR_MASK;
 183    }
 184    if (new_cr4 & CR4_OSFXSR_MASK) {
 185        hflags |= HF_OSFXSR_MASK;
 186    }
 187
 188    if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SMAP)) {
 189        new_cr4 &= ~CR4_SMAP_MASK;
 190    }
 191    if (new_cr4 & CR4_SMAP_MASK) {
 192        hflags |= HF_SMAP_MASK;
 193    }
 194    if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_UMIP)) {
 195        new_cr4 &= ~CR4_UMIP_MASK;
 196    }
 197    if (new_cr4 & CR4_UMIP_MASK) {
 198        hflags |= HF_UMIP_MASK;
 199    }
 200
 201    if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKU)) {
 202        new_cr4 &= ~CR4_PKE_MASK;
 203    }
 204    if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
 205        new_cr4 &= ~CR4_PKS_MASK;
 206    }
 207
 208    env->cr[4] = new_cr4;
 209    env->hflags = hflags;
 210
 211    cpu_sync_bndcs_hflags(env);
 212}
 213
 214#if !defined(CONFIG_USER_ONLY)
 215hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
 216                                         MemTxAttrs *attrs)
 217{
 218    X86CPU *cpu = X86_CPU(cs);
 219    CPUX86State *env = &cpu->env;
 220    target_ulong pde_addr, pte_addr;
 221    uint64_t pte;
 222    int32_t a20_mask;
 223    uint32_t page_offset;
 224    int page_size;
 225
 226    *attrs = cpu_get_mem_attrs(env);
 227
 228    a20_mask = x86_get_a20_mask(env);
 229    if (!(env->cr[0] & CR0_PG_MASK)) {
 230        pte = addr & a20_mask;
 231        page_size = 4096;
 232    } else if (env->cr[4] & CR4_PAE_MASK) {
 233        target_ulong pdpe_addr;
 234        uint64_t pde, pdpe;
 235
 236#ifdef TARGET_X86_64
 237        if (env->hflags & HF_LMA_MASK) {
 238            bool la57 = env->cr[4] & CR4_LA57_MASK;
 239            uint64_t pml5e_addr, pml5e;
 240            uint64_t pml4e_addr, pml4e;
 241            int32_t sext;
 242
 243            /* test virtual address sign extension */
 244            sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47;
 245            if (sext != 0 && sext != -1) {
 246                return -1;
 247            }
 248
 249            if (la57) {
 250                pml5e_addr = ((env->cr[3] & ~0xfff) +
 251                        (((addr >> 48) & 0x1ff) << 3)) & a20_mask;
 252                pml5e = x86_ldq_phys(cs, pml5e_addr);
 253                if (!(pml5e & PG_PRESENT_MASK)) {
 254                    return -1;
 255                }
 256            } else {
 257                pml5e = env->cr[3];
 258            }
 259
 260            pml4e_addr = ((pml5e & PG_ADDRESS_MASK) +
 261                    (((addr >> 39) & 0x1ff) << 3)) & a20_mask;
 262            pml4e = x86_ldq_phys(cs, pml4e_addr);
 263            if (!(pml4e & PG_PRESENT_MASK)) {
 264                return -1;
 265            }
 266            pdpe_addr = ((pml4e & PG_ADDRESS_MASK) +
 267                         (((addr >> 30) & 0x1ff) << 3)) & a20_mask;
 268            pdpe = x86_ldq_phys(cs, pdpe_addr);
 269            if (!(pdpe & PG_PRESENT_MASK)) {
 270                return -1;
 271            }
 272            if (pdpe & PG_PSE_MASK) {
 273                page_size = 1024 * 1024 * 1024;
 274                pte = pdpe;
 275                goto out;
 276            }
 277
 278        } else
 279#endif
 280        {
 281            pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
 282                a20_mask;
 283            pdpe = x86_ldq_phys(cs, pdpe_addr);
 284            if (!(pdpe & PG_PRESENT_MASK))
 285                return -1;
 286        }
 287
 288        pde_addr = ((pdpe & PG_ADDRESS_MASK) +
 289                    (((addr >> 21) & 0x1ff) << 3)) & a20_mask;
 290        pde = x86_ldq_phys(cs, pde_addr);
 291        if (!(pde & PG_PRESENT_MASK)) {
 292            return -1;
 293        }
 294        if (pde & PG_PSE_MASK) {
 295            /* 2 MB page */
 296            page_size = 2048 * 1024;
 297            pte = pde;
 298        } else {
 299            /* 4 KB page */
 300            pte_addr = ((pde & PG_ADDRESS_MASK) +
 301                        (((addr >> 12) & 0x1ff) << 3)) & a20_mask;
 302            page_size = 4096;
 303            pte = x86_ldq_phys(cs, pte_addr);
 304        }
 305        if (!(pte & PG_PRESENT_MASK)) {
 306            return -1;
 307        }
 308    } else {
 309        uint32_t pde;
 310
 311        /* page directory entry */
 312        pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
 313        pde = x86_ldl_phys(cs, pde_addr);
 314        if (!(pde & PG_PRESENT_MASK))
 315            return -1;
 316        if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
 317            pte = pde | ((pde & 0x1fe000LL) << (32 - 13));
 318            page_size = 4096 * 1024;
 319        } else {
 320            /* page directory entry */
 321            pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & a20_mask;
 322            pte = x86_ldl_phys(cs, pte_addr);
 323            if (!(pte & PG_PRESENT_MASK)) {
 324                return -1;
 325            }
 326            page_size = 4096;
 327        }
 328        pte = pte & a20_mask;
 329    }
 330
 331#ifdef TARGET_X86_64
 332out:
 333#endif
 334    pte &= PG_ADDRESS_MASK & ~(page_size - 1);
 335    page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
 336    return pte | page_offset;
 337}
 338
 339typedef struct MCEInjectionParams {
 340    Monitor *mon;
 341    int bank;
 342    uint64_t status;
 343    uint64_t mcg_status;
 344    uint64_t addr;
 345    uint64_t misc;
 346    int flags;
 347} MCEInjectionParams;
 348
 349static void emit_guest_memory_failure(MemoryFailureAction action, bool ar,
 350                                      bool recursive)
 351{
 352    MemoryFailureFlags mff = {.action_required = ar, .recursive = recursive};
 353
 354    qapi_event_send_memory_failure(MEMORY_FAILURE_RECIPIENT_GUEST, action,
 355                                   &mff);
 356}
 357
 358static void do_inject_x86_mce(CPUState *cs, run_on_cpu_data data)
 359{
 360    MCEInjectionParams *params = data.host_ptr;
 361    X86CPU *cpu = X86_CPU(cs);
 362    CPUX86State *cenv = &cpu->env;
 363    uint64_t *banks = cenv->mce_banks + 4 * params->bank;
 364    g_autofree char *msg = NULL;
 365    bool need_reset = false;
 366    bool recursive;
 367    bool ar = !!(params->status & MCI_STATUS_AR);
 368
 369    cpu_synchronize_state(cs);
 370    recursive = !!(cenv->mcg_status & MCG_STATUS_MCIP);
 371
 372    /*
 373     * If there is an MCE exception being processed, ignore this SRAO MCE
 374     * unless unconditional injection was requested.
 375     */
 376    if (!(params->flags & MCE_INJECT_UNCOND_AO) && !ar && recursive) {
 377        emit_guest_memory_failure(MEMORY_FAILURE_ACTION_IGNORE, ar, recursive);
 378        return;
 379    }
 380
 381    if (params->status & MCI_STATUS_UC) {
 382        /*
 383         * if MSR_MCG_CTL is not all 1s, the uncorrected error
 384         * reporting is disabled
 385         */
 386        if ((cenv->mcg_cap & MCG_CTL_P) && cenv->mcg_ctl != ~(uint64_t)0) {
 387            monitor_printf(params->mon,
 388                           "CPU %d: Uncorrected error reporting disabled\n",
 389                           cs->cpu_index);
 390            return;
 391        }
 392
 393        /*
 394         * if MSR_MCi_CTL is not all 1s, the uncorrected error
 395         * reporting is disabled for the bank
 396         */
 397        if (banks[0] != ~(uint64_t)0) {
 398            monitor_printf(params->mon,
 399                           "CPU %d: Uncorrected error reporting disabled for"
 400                           " bank %d\n",
 401                           cs->cpu_index, params->bank);
 402            return;
 403        }
 404
 405        if (!(cenv->cr[4] & CR4_MCE_MASK)) {
 406            need_reset = true;
 407            msg = g_strdup_printf("CPU %d: MCE capability is not enabled, "
 408                                  "raising triple fault", cs->cpu_index);
 409        } else if (recursive) {
 410            need_reset = true;
 411            msg = g_strdup_printf("CPU %d: Previous MCE still in progress, "
 412                                  "raising triple fault", cs->cpu_index);
 413        }
 414
 415        if (need_reset) {
 416            emit_guest_memory_failure(MEMORY_FAILURE_ACTION_RESET, ar,
 417                                      recursive);
 418            monitor_printf(params->mon, "%s", msg);
 419            qemu_log_mask(CPU_LOG_RESET, "%s\n", msg);
 420            qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
 421            return;
 422        }
 423
 424        if (banks[1] & MCI_STATUS_VAL) {
 425            params->status |= MCI_STATUS_OVER;
 426        }
 427        banks[2] = params->addr;
 428        banks[3] = params->misc;
 429        cenv->mcg_status = params->mcg_status;
 430        banks[1] = params->status;
 431        cpu_interrupt(cs, CPU_INTERRUPT_MCE);
 432    } else if (!(banks[1] & MCI_STATUS_VAL)
 433               || !(banks[1] & MCI_STATUS_UC)) {
 434        if (banks[1] & MCI_STATUS_VAL) {
 435            params->status |= MCI_STATUS_OVER;
 436        }
 437        banks[2] = params->addr;
 438        banks[3] = params->misc;
 439        banks[1] = params->status;
 440    } else {
 441        banks[1] |= MCI_STATUS_OVER;
 442    }
 443
 444    emit_guest_memory_failure(MEMORY_FAILURE_ACTION_INJECT, ar, recursive);
 445}
 446
 447void cpu_x86_inject_mce(Monitor *mon, X86CPU *cpu, int bank,
 448                        uint64_t status, uint64_t mcg_status, uint64_t addr,
 449                        uint64_t misc, int flags)
 450{
 451    CPUState *cs = CPU(cpu);
 452    CPUX86State *cenv = &cpu->env;
 453    MCEInjectionParams params = {
 454        .mon = mon,
 455        .bank = bank,
 456        .status = status,
 457        .mcg_status = mcg_status,
 458        .addr = addr,
 459        .misc = misc,
 460        .flags = flags,
 461    };
 462    unsigned bank_num = cenv->mcg_cap & 0xff;
 463
 464    if (!cenv->mcg_cap) {
 465        monitor_printf(mon, "MCE injection not supported\n");
 466        return;
 467    }
 468    if (bank >= bank_num) {
 469        monitor_printf(mon, "Invalid MCE bank number\n");
 470        return;
 471    }
 472    if (!(status & MCI_STATUS_VAL)) {
 473        monitor_printf(mon, "Invalid MCE status code\n");
 474        return;
 475    }
 476    if ((flags & MCE_INJECT_BROADCAST)
 477        && !cpu_x86_support_mca_broadcast(cenv)) {
 478        monitor_printf(mon, "Guest CPU does not support MCA broadcast\n");
 479        return;
 480    }
 481
 482    run_on_cpu(cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(&params));
 483    if (flags & MCE_INJECT_BROADCAST) {
 484        CPUState *other_cs;
 485
 486        params.bank = 1;
 487        params.status = MCI_STATUS_VAL | MCI_STATUS_UC;
 488        params.mcg_status = MCG_STATUS_MCIP | MCG_STATUS_RIPV;
 489        params.addr = 0;
 490        params.misc = 0;
 491        CPU_FOREACH(other_cs) {
 492            if (other_cs == cs) {
 493                continue;
 494            }
 495            run_on_cpu(other_cs, do_inject_x86_mce, RUN_ON_CPU_HOST_PTR(&params));
 496        }
 497    }
 498}
 499
 500void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 501{
 502    X86CPU *cpu = env_archcpu(env);
 503    CPUState *cs = env_cpu(env);
 504
 505    if (kvm_enabled() || whpx_enabled() || nvmm_enabled()) {
 506        env->tpr_access_type = access;
 507
 508        cpu_interrupt(cs, CPU_INTERRUPT_TPR);
 509    } else if (tcg_enabled()) {
 510        cpu_restore_state(cs, cs->mem_io_pc, false);
 511
 512        apic_handle_tpr_access_report(cpu->apic_state, env->eip, access);
 513    }
 514}
 515#endif /* !CONFIG_USER_ONLY */
 516
 517int cpu_x86_get_descr_debug(CPUX86State *env, unsigned int selector,
 518                            target_ulong *base, unsigned int *limit,
 519                            unsigned int *flags)
 520{
 521    CPUState *cs = env_cpu(env);
 522    SegmentCache *dt;
 523    target_ulong ptr;
 524    uint32_t e1, e2;
 525    int index;
 526
 527    if (selector & 0x4)
 528        dt = &env->ldt;
 529    else
 530        dt = &env->gdt;
 531    index = selector & ~7;
 532    ptr = dt->base + index;
 533    if ((index + 7) > dt->limit
 534        || cpu_memory_rw_debug(cs, ptr, (uint8_t *)&e1, sizeof(e1), 0) != 0
 535        || cpu_memory_rw_debug(cs, ptr+4, (uint8_t *)&e2, sizeof(e2), 0) != 0)
 536        return 0;
 537
 538    *base = ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
 539    *limit = (e1 & 0xffff) | (e2 & 0x000f0000);
 540    if (e2 & DESC_G_MASK)
 541        *limit = (*limit << 12) | 0xfff;
 542    *flags = e2;
 543
 544    return 1;
 545}
 546
 547#if !defined(CONFIG_USER_ONLY)
 548void do_cpu_init(X86CPU *cpu)
 549{
 550    CPUState *cs = CPU(cpu);
 551    CPUX86State *env = &cpu->env;
 552    CPUX86State *save = g_new(CPUX86State, 1);
 553    int sipi = cs->interrupt_request & CPU_INTERRUPT_SIPI;
 554
 555    *save = *env;
 556
 557    cpu_reset(cs);
 558    cs->interrupt_request = sipi;
 559    memcpy(&env->start_init_save, &save->start_init_save,
 560           offsetof(CPUX86State, end_init_save) -
 561           offsetof(CPUX86State, start_init_save));
 562    g_free(save);
 563
 564    if (kvm_enabled()) {
 565        kvm_arch_do_init_vcpu(cpu);
 566    }
 567    apic_init_reset(cpu->apic_state);
 568}
 569
 570void do_cpu_sipi(X86CPU *cpu)
 571{
 572    apic_sipi(cpu->apic_state);
 573}
 574#else
 575void do_cpu_init(X86CPU *cpu)
 576{
 577}
 578void do_cpu_sipi(X86CPU *cpu)
 579{
 580}
 581#endif
 582
 583#ifndef CONFIG_USER_ONLY
 584
 585void cpu_load_efer(CPUX86State *env, uint64_t val)
 586{
 587    env->efer = val;
 588    env->hflags &= ~(HF_LMA_MASK | HF_SVME_MASK);
 589    if (env->efer & MSR_EFER_LMA) {
 590        env->hflags |= HF_LMA_MASK;
 591    }
 592    if (env->efer & MSR_EFER_SVME) {
 593        env->hflags |= HF_SVME_MASK;
 594    }
 595}
 596
 597uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr)
 598{
 599    X86CPU *cpu = X86_CPU(cs);
 600    CPUX86State *env = &cpu->env;
 601    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 602    AddressSpace *as = cpu_addressspace(cs, attrs);
 603
 604    return address_space_ldub(as, addr, attrs, NULL);
 605}
 606
 607uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr)
 608{
 609    X86CPU *cpu = X86_CPU(cs);
 610    CPUX86State *env = &cpu->env;
 611    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 612    AddressSpace *as = cpu_addressspace(cs, attrs);
 613
 614    return address_space_lduw(as, addr, attrs, NULL);
 615}
 616
 617uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr)
 618{
 619    X86CPU *cpu = X86_CPU(cs);
 620    CPUX86State *env = &cpu->env;
 621    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 622    AddressSpace *as = cpu_addressspace(cs, attrs);
 623
 624    return address_space_ldl(as, addr, attrs, NULL);
 625}
 626
 627uint64_t x86_ldq_phys(CPUState *cs, hwaddr addr)
 628{
 629    X86CPU *cpu = X86_CPU(cs);
 630    CPUX86State *env = &cpu->env;
 631    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 632    AddressSpace *as = cpu_addressspace(cs, attrs);
 633
 634    return address_space_ldq(as, addr, attrs, NULL);
 635}
 636
 637void x86_stb_phys(CPUState *cs, hwaddr addr, uint8_t val)
 638{
 639    X86CPU *cpu = X86_CPU(cs);
 640    CPUX86State *env = &cpu->env;
 641    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 642    AddressSpace *as = cpu_addressspace(cs, attrs);
 643
 644    address_space_stb(as, addr, val, attrs, NULL);
 645}
 646
 647void x86_stl_phys_notdirty(CPUState *cs, hwaddr addr, uint32_t val)
 648{
 649    X86CPU *cpu = X86_CPU(cs);
 650    CPUX86State *env = &cpu->env;
 651    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 652    AddressSpace *as = cpu_addressspace(cs, attrs);
 653
 654    address_space_stl_notdirty(as, addr, val, attrs, NULL);
 655}
 656
 657void x86_stw_phys(CPUState *cs, hwaddr addr, uint32_t val)
 658{
 659    X86CPU *cpu = X86_CPU(cs);
 660    CPUX86State *env = &cpu->env;
 661    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 662    AddressSpace *as = cpu_addressspace(cs, attrs);
 663
 664    address_space_stw(as, addr, val, attrs, NULL);
 665}
 666
 667void x86_stl_phys(CPUState *cs, hwaddr addr, uint32_t val)
 668{
 669    X86CPU *cpu = X86_CPU(cs);
 670    CPUX86State *env = &cpu->env;
 671    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 672    AddressSpace *as = cpu_addressspace(cs, attrs);
 673
 674    address_space_stl(as, addr, val, attrs, NULL);
 675}
 676
 677void x86_stq_phys(CPUState *cs, hwaddr addr, uint64_t val)
 678{
 679    X86CPU *cpu = X86_CPU(cs);
 680    CPUX86State *env = &cpu->env;
 681    MemTxAttrs attrs = cpu_get_mem_attrs(env);
 682    AddressSpace *as = cpu_addressspace(cs, attrs);
 683
 684    address_space_stq(as, addr, val, attrs, NULL);
 685}
 686#endif
 687