--- /dev/null
+/*
+ * Binary translate privilege-sensitive ops to privileged
+ *
+ * Copyright (C) 2004 Hewlett-Packard Co.
+ * Dan Magenheimer (dan.magenheimer@hp.com)
+ *
+ */
+
+#include "privify.h"
+
+typedef unsigned long long u64;
+typedef unsigned long long IA64_INST;
+
+typedef union U_IA64_BUNDLE {
+ u64 i64[2];
+ struct { u64 template:5,slot0:41,slot1a:18,slot1b:23,slot2:41; };
+ // NOTE: following doesn't work because bitfields can't cross natural
+ // size boundaries
+ //struct { u64 template:5, slot0:41, slot1:41, slot2:41; };
+} IA64_BUNDLE;
+
+typedef enum E_IA64_SLOT_TYPE { I, M, F, B, L, ILLEGAL } IA64_SLOT_TYPE;
+
+typedef union U_INST64_A5 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, imm7b:7, r3:2, imm5c:5, imm9d:9, s:1, major:4; };
+} INST64_A5;
+
+typedef union U_INST64_B4 {
+ IA64_INST inst;
+ struct { u64 qp:6, btype:3, un3:3, p:1, b2:3, un11:11, x6:6, wh:2, d:1, un1:1, major:4; };
+} INST64_B4;
+
+typedef union U_INST64_B8 {
+ IA64_INST inst;
+ struct { u64 qp:6, un21:21, x6:6, un4:4, major:4; };
+} INST64_B8;
+
+typedef union U_INST64_B9 {
+ IA64_INST inst;
+ struct { u64 qp:6, imm20:20, :1, x6:6, :3, i:1, major:4; };
+} INST64_B9;
+
+typedef union U_INST64_I19 {
+ IA64_INST inst;
+ struct { u64 qp:6, imm20:20, :1, x6:6, x3:3, i:1, major:4; };
+} INST64_I19;
+
+typedef union U_INST64_I26 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, ar3:7, x6:6, x3:3, :1, major:4;};
+} INST64_I26;
+
+typedef union U_INST64_I27 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, imm:7, ar3:7, x6:6, x3:3, s:1, major:4;};
+} INST64_I27;
+
+typedef union U_INST64_I28 { // not privileged (mov from AR)
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, :7, ar3:7, x6:6, x3:3, :1, major:4;};
+} INST64_I28;
+
+typedef union U_INST64_M28 {
+ IA64_INST inst;
+ struct { u64 qp:6, :14, r3:7, x6:6, x3:3, :1, major:4;};
+} INST64_M28;
+
+typedef union U_INST64_M29 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, ar3:7, x6:6, x3:3, :1, major:4;};
+} INST64_M29;
+
+typedef union U_INST64_M30 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, imm:7, ar3:7,x4:4,x2:2,x3:3,s:1,major:4;};
+} INST64_M30;
+
+typedef union U_INST64_M31 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, :7, ar3:7, x6:6, x3:3, :1, major:4;};
+} INST64_M31;
+
+typedef union U_INST64_M32 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, cr3:7, x6:6, x3:3, :1, major:4;};
+} INST64_M32;
+
+typedef union U_INST64_M33 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, :7, cr3:7, x6:6, x3:3, :1, major:4; };
+} INST64_M33;
+
+typedef union U_INST64_M35 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, :7, x6:6, x3:3, :1, major:4; };
+
+} INST64_M35;
+
+typedef union U_INST64_M36 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, :14, x6:6, x3:3, :1, major:4; };
+} INST64_M36;
+
+typedef union U_INST64_M41 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, :7, x6:6, x3:3, :1, major:4; };
+} INST64_M41;
+
+typedef union U_INST64_M42 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, r3:7, x6:6, x3:3, :1, major:4; };
+} INST64_M42;
+
+typedef union U_INST64_M43 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, :7, r3:7, x6:6, x3:3, :1, major:4; };
+} INST64_M43;
+
+typedef union U_INST64_M44 {
+ IA64_INST inst;
+ struct { u64 qp:6, imm:21, x4:4, i2:2, x3:3, i:1, major:4; };
+} INST64_M44;
+
+typedef union U_INST64_M45 {
+ IA64_INST inst;
+ struct { u64 qp:6, :7, r2:7, r3:7, x6:6, x3:3, :1, major:4; };
+} INST64_M45;
+
+typedef union U_INST64_M46 {
+ IA64_INST inst;
+ struct { u64 qp:6, r1:7, un7:7, r3:7, x6:6, x3:3, un1:1, major:4; };
+} INST64_M46;
+
+typedef union U_INST64 {
+ IA64_INST inst;
+ struct { u64 :37, major:4; } generic;
+ INST64_A5 A5; // used in build_hypercall_bundle only
+ INST64_B4 B4; // used in build_hypercall_bundle only
+ INST64_B8 B8; // rfi, bsw.[01]
+ INST64_B9 B9; // break.b
+ INST64_I19 I19; // used in build_hypercall_bundle only
+ INST64_I26 I26; // mov register to ar (I unit)
+ INST64_I27 I27; // mov immediate to ar (I unit)
+ INST64_I28 I28; // mov from ar (I unit)
+ INST64_M28 M28; // purge translation cache entry
+ INST64_M29 M29; // mov register to ar (M unit)
+ INST64_M30 M30; // mov immediate to ar (M unit)
+ INST64_M31 M31; // mov from ar (M unit)
+ INST64_M32 M32; // mov reg to cr
+ INST64_M33 M33; // mov from cr
+ INST64_M35 M35; // mov to psr
+ INST64_M36 M36; // mov from psr
+ INST64_M41 M41; // translation cache insert
+ INST64_M42 M42; // mov to indirect reg/translation reg insert
+ INST64_M43 M43; // mov from indirect reg
+ INST64_M44 M44; // set/reset system mask
+ INST64_M45 M45; // translation purge
+ INST64_M46 M46; // translation access (tpa,tak)
+} INST64;
+
+#define MASK_41 ((u64)0x1ffffffffff)
+
+long priv_verbose = 0;
+#define verbose(a...) do { if (priv_verbose) printf(a); } while(0)
+
+/*
+ * privify_inst
+ *
+ * Replaces privilege-sensitive instructions (and reads from write-trapping
+ * registers) with privileged/trapping instructions as follows:
+ * mov rx=ar.cflg -> mov ar.cflg=r(x+64) [**]
+ * mov rx=ar.ky -> mov ar.ky=r(x+64)
+ * fc rx -> ptc r(x+64)
+ * thash rx=ry -> tak rx=r(y+64)
+ * ttag rx=ry -> tpa rx=r(y+64)
+ * mov rx=cpuid[ry] -> mov r(x+64)=rr[ry]
+ * mov rx=pmd[ry] -> mov r(x+64)=pmc[ry] [**]
+ * cover -> break.b 0x1fffff
+ *
+ * [**] not currently implemented
+ */
+IA64_INST privify_inst(IA64_INST inst_val,
+ IA64_SLOT_TYPE slot_type, IA64_BUNDLE *bp, char **msg)
+{
+ INST64 inst = *(INST64 *)&inst_val;
+
+ *msg = 0;
+ switch (slot_type) {
+ case M:
+ // FIXME: Also use for mov_to/from_ar.cflag (M29/M30) (IA32 only)
+ if (inst.generic.major != 1) break;
+ if (inst.M46.x3 != 0) break;
+ if (inst.M31.x6 == 0x22 && inst.M31.ar3 < 8) {
+ // mov r1=kr -> mov kr=r1+64
+ verbose("privify_inst: privified mov r1=kr @%p\n",bp);
+ if (inst.M31.r1 >= 64) *msg = "mov r1=kr w/r1>63";
+ else privify_mov_from_kr_m(inst);
+ break;
+ }
+ if (inst.M29.x6 == 0x2a && inst.M29.ar3 < 8) {// mov kr=r1
+ if (inst.M29.r2 >= 64) *msg = "mov kr=r2 w/r2>63";
+ break;
+ }
+ if (inst.M28.x6 == 0x30) {
+ // fc r3-> ptc r3+64
+ verbose("privify_inst: privified fc r3 @%p\n",bp);
+ if (inst.M28.r3 >= 64) *msg = "fc r3 w/r3>63";
+ else privify_fc(inst);
+ break;
+ }
+ if (inst.M28.x6 == 0x34) {
+ if (inst.M28.r3 >= 64) *msg = "ptc.e w/r3>63";
+ break;
+ }
+ if (inst.M46.un7 != 0) break;
+ if (inst.M46.un1 != 0) break;
+ if (inst.M46.x6 == 0x1a) { // thash -> tak r1=r3+64
+ verbose("privify_inst: privified thash @%p\n",bp);
+ if (inst.M46.r3 >= 64) *msg = "thash w/r3>63";
+ else privify_thash(inst);
+ }
+ else if (inst.M46.x6 == 0x1b) { // ttag -> tpa r1=r3+64
+ verbose("privify_inst: privified ttag @%p\n",bp);
+ if (inst.M46.r3 >= 64) *msg = "ttag w/r3>63";
+ else privify_ttag(inst);
+ }
+ else if (inst.M43.x6 == 0x17) {
+ verbose("privify_inst: privified mov_from_cpuid @%p\n",bp);
+ if (inst.M43.r1 >= 64) *msg = "mov_from_cpuid w/r1>63";
+ else privify_mov_from_cpuid(inst);
+ }
+ else if (inst.M46.x6 == 0x1e) { // tpa
+ if (inst.M46.r3 >= 64) *msg = "tpa w/r3>63";
+ }
+ else if (inst.M46.x6 == 0x1f) { // tak
+ if (inst.M46.r3 >= 64) *msg = "tak w/r3>63";
+ }
+ else if (inst.M43.x6 == 0x10) {
+ if (inst.M43.r1 >= 64) *msg = "mov_to_rr w/r1>63";
+ }
+ break;
+ case B:
+ if (inst.generic.major != 0) break;
+ if (inst.B8.x6 == 0x2) { // cover -> break.b 0x1fffff
+ if (inst.B8.un21 != 0) break;
+ if (inst.B8.un4 != 0) break;
+ privify_cover(inst);
+ verbose("privify_inst: privified cover @%p\n",bp);
+ }
+ if (inst.B9.x6 == 0x0) { // (p15) break.b 0x1fffff -> cover
+ if (inst.B9.qp != 15) break;
+ if (inst.B9.imm20 != 0xfffff) break;
+ if (inst.B9.i != 1) break;
+ inst.B8.x6 = 0x2;
+ inst.B8.un21 = 0;
+ inst.B8.un4 = 0;
+ inst.B8.qp = 0;
+ verbose("privify_inst: unprivified pseudo-cover @%p\n",
+ bp);
+ }
+ break;
+ case I: // only used for privifying mov_from_ar
+ // FIXME: Also use for mov_to/from_ar.cflag (I26/I27) (IA32 only)
+ if (inst.generic.major != 0) break;
+ if (inst.I28.x6 == 0x32 && !inst.I28.x3 && inst.I28.ar3 < 8) {
+ // mov r1=kr -> mov kr=r1+64
+ verbose("privify_inst: privified mov r1=kr @%p\n",bp);
+ if (inst.I28.r1 >= 64) *msg = "mov r1=kr w/r1>63";
+ else privify_mov_from_kr_i(inst);
+ }
+ else if (inst.I26.x6 == 0x2a && !inst.I26.x3 &&
+ inst.I26.ar3 < 8) {// mov kr=r1
+ if (inst.I26.r2 >= 64) *msg = "mov kr=r2 w/r2>63";
+ }
+ break;
+ case F: case L: case ILLEGAL:
+ break;
+ }
+ return *(IA64_INST *)&inst;
+}
+
+#define read_slot1(b) (((b.i64[0]>>46L) | (b.i64[1]<<18UL)) & MASK_41)
+// Not sure why, but this more obvious definition of read_slot1 doesn't work
+// because the compiler treats (b.slot1b<<18UL) as a signed 32-bit integer
+// so not enough bits get used and it gets sign extended to boot!
+//#define read_slot1(b) ((b.slot1a | (b.slot1b<<18UL)) & MASK_41)
+#define write_slot1(b,inst) do { b.slot1a=inst;b.slot1b=inst>>18UL;} while (0)
+
+
+void privify_memory(void *start, unsigned long len)
+{
+ IA64_BUNDLE bundle, *bp = (IA64_BUNDLE *)start;
+ IA64_INST tmp;
+ char *msg;
+
+printf("privifying %ld bytes of memory at %p\n",len,start);
+ if ((unsigned long)start & 0xfL) {
+ printf("unaligned memory block in privify_memory\n");
+ }
+ len &= ~0xf;
+ for (bundle = *bp; len; len -= 16) {
+ switch(bundle.template) {
+ case 0x06: case 0x07: case 0x14: case 0x15:
+ case 0x1a: case 0x1b: case 0x1e: case 0x1f:
+ break;
+ case 0x16: case 0x17:
+ // may be B in slot0/1 but cover can only be slot2
+ bundle.slot2 = privify_inst(bundle.slot2,B,bp,&msg);
+ break;
+ case 0x00: case 0x01: case 0x02: case 0x03:
+ tmp = privify_inst(read_slot1(bundle),I,bp,&msg);
+ write_slot1(bundle,tmp);
+ case 0x0c: case 0x0d:
+ bundle.slot2 = privify_inst(bundle.slot2,I,bp,&msg);
+ case 0x04: case 0x05:
+ // could a privified cover be in slot2 here?
+ bundle.slot0 = privify_inst(bundle.slot0,M,bp,&msg);
+ break;
+ case 0x08: case 0x09: case 0x0a: case 0x0b:
+ bundle.slot2 = privify_inst(bundle.slot2,I,bp,&msg);
+ case 0x0e: case 0x0f:
+ bundle.slot0 = privify_inst(bundle.slot0,M,bp,&msg);
+ if (msg) break;
+ tmp = privify_inst(read_slot1(bundle),M,bp,&msg);
+ write_slot1(bundle,tmp);
+ break;
+ case 0x10: case 0x11:
+ tmp = privify_inst(read_slot1(bundle),I,bp,&msg);
+ write_slot1(bundle,tmp);
+ case 0x12: case 0x13:
+ // may be B in slot1 but cover can only be slot2
+ case 0x1c: case 0x1d:
+ bundle.slot0 = privify_inst(bundle.slot0,M,bp,&msg);
+ if (msg) break;
+ bundle.slot2 = privify_inst(bundle.slot2,B,bp,&msg);
+ break;
+ case 0x18: case 0x19:
+ bundle.slot0 = privify_inst(bundle.slot0,M,bp,&msg);
+ if (msg) break;
+ tmp = privify_inst(read_slot1(bundle),M,bp,&msg);
+ write_slot1(bundle,tmp);
+ if (msg) break;
+ bundle.slot2 = privify_inst(bundle.slot2,B,bp,&msg);
+ break;
+ }
+ if (msg) {
+ if (bundle.slot2)
+ printf("privify_memory: %s @%p\n",msg,bp);
+ else
+ printf("privify_memory: %s @%p probably not insts\n",
+ msg,bp);
+ printf("privify_memory: bundle=%p,%p\n",
+ bundle.i64[1],bundle.i64[0]);
+ }
+ *bp = bundle;
+ bundle = *++bp;
+ }
+
+}
projects / xen.git / commitdiff