Commit graph

318 commits

Author SHA1 Message Date
Hector Martin
9e42f4fc0f m1n1.trace: Add a state stash to Tracer that persists
This allows Tracers to keep internal state around even across complete
re-instantiations.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-21 02:02:05 +09:00
Hector Martin
7090138779 m1n1.utils: Make Register sub-subclasses work, optimize
Now figures out the fields/etc in a metaclass, not at object
instantiation time.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-21 02:01:07 +09:00
Hector Martin
8d61a81bed m1n1.hv: Wrap tracer calls in a shell to handle exceptions
This allows you to fix a tracer and retry ('cont' or ^D) or skip
('skip') its execution.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-21 01:58:47 +09:00
Hector Martin
7c19dcc33f m1n1.hv: Handle symbol addresses properly for Linux
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-19 21:51:36 +09:00
Hector Martin
8197538078 m1n1.hv: Add System.map support and make pac_mask configurable
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-19 15:53:14 +09:00
Janne Grunau
36dcc1b8f3 hv.py: remove only the used USB-C port from the ADT
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:26:54 +09:00
Janne Grunau
bbd2cf8710 hv.py: hook USB-C port specific pmgr addresses
Allows running HV over each USB-C port of a Mac Mini with Mac OS as
guest.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:26:54 +09:00
Janne Grunau
d88e255c56 hv.py: remove secondary CPU cores unconditionally from the ADT
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:26:54 +09:00
Janne Grunau
98076ef693 usb: disable tps6598x interrupts
Restore the interrupt masks on chainload or HV guest start. The
interrupt mask is not restored on the USB-C port used by the hypervisor.
This prevents an interrupt storm in the guest when the other USB-C port
is exposed to the guest. Both tps6598x share unfortunately an interrupt
line.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:26:54 +09:00
Janne Grunau
de82209079 m1n1.trace.gpio: convert GPIOTracer to new framework
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:23:23 +09:00
Janne Grunau
ccd765464d m1n1.utils: fix RegMap range lookup
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-18 14:23:23 +09:00
Hector Martin
cb6d1f58a2 m1n1.trace.asc: Initial ASCTracer implementation
A tracer for the ASC coprocessor mailbox interface.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:24:55 +09:00
Hector Martin
b3526bd667 m1n1.trace: Implement RegMap-based tracing & ADTDevTracer
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:23:56 +09:00
Hector Martin
2784f48a24 m1n1.hv: Fix MMIO handling bugs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:23:08 +09:00
Hector Martin
1213ec4173 m1n1.utils: Improve RegMap lookup functions
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:22:27 +09:00
Hector Martin
94db82f8a0 m1n1.hv: Reload shell globals when reloading class
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:22:06 +09:00
Hector Martin
332e7e22e7 m1n1.utils: Improve Reloadable, add cls._reloadcls()
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:21:09 +09:00
Hector Martin
0ee96c7ffd m1n1.proxutils: Add ProxyUtils.{read,write}
These implement generic-size read/write. Use them for hypervisor MMIO
handling and for regmaps.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-18 02:19:39 +09:00
Hector Martin
990f5b3995 m1n1.hv: Complete TraceMode.SYNC/HOOK support
Also fix a nasty bug in legacy/bare map_hook() support

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 20:35:57 +09:00
Hector Martin
cdbc07e74c m1n1.utils: Add Register.copy()
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 20:35:26 +09:00
Hector Martin
e218129931 m1n1.utils: Introduce Reloadable class for magic live-reloading
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 20:34:54 +09:00
Hector Martin
2f68012d6c m1n1.hv: Show ident for RESERVED page table mappings
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 02:32:46 +09:00
Hector Martin
49dad3b9ff m1n1.hv: Rework MMIO PT handling & tracing
Now keeps track of the requested MMIO maps in a DictRangeMap, which is
then flattened to HV page table updates.

TODO: HOOK/SYNC codepaths

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 02:00:32 +09:00
Hector Martin
228033f9ce m1n1.hv: Make map_hw() fall back to map_sw() for unaligned cases
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 01:59:35 +09:00
Hector Martin
db928acd61 m1n1.utils: RangeMap fixes & improvements, add BoolRangeMap
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 01:57:57 +09:00
Hector Martin
69745c3310 m1n1.utils: Add align_up() and align_down()
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-17 01:57:35 +09:00
Hector Martin
526cd8a55e m1n1.utils: Register: Keep fields sorted in __str__/__repr__
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-16 02:53:02 +09:00
Hector Martin
bb6ef8caa1 experiments/dart_dump.py: Port to RegMap
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-16 02:52:51 +09:00
Hector Martin
234051df1c m1n1.utils: Add RegMap base class
This metaclass voodoo allows us to define register maps like this:

class SomeDevice(RegMap):
    FOO = 0x0000, Register32
    BAR = 0x0004, Register32
    # Register array
    BAZ = range(0x100, 0x200, 4), Register32

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-16 02:29:46 +09:00
Hector Martin
53dcba6f25 m1n1.utils: RangeMap improvements, add {Scalar,Dict,Set}RangeMap
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-16 02:29:30 +09:00
Hector Martin
3d0bb889ab m1n1.utils: Move Register.value -> _value and wrap
Also pre-compute _fields

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-16 02:28:00 +09:00
Hector Martin
15381b8d74 m1n1.adt: Dump out address lookup table in script mode
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 19:45:58 +09:00
Hector Martin
48b4466abf m1n1.utils: Rewrite AddrLookup to improve performance & fix bugs
* Fix correctness issues (ranges could end up overlapping)
* Split ranges instead of merging them on overlap (previously a single
  range overlapping everything would reduce the lookup to a linear
  search over all ranges)
* Support removal and generic mutations by splitting out a generic
  RangeMap class that can be used with arbitrary values/collections

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 19:42:30 +09:00
Hector Martin
7e5054548a hv_vm: Rename SPTE_SYNC_TRACE to SPTE_TRACE_UNBUF
It's not really synchronous, it just flushes USB buffering.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 16:10:06 +09:00
Hector Martin
96ecd52b65 tools/chainload.py: Remove 1-second delay
I don't think we need this any more, ever since the new reconnection
code

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:59:55 +09:00
Hector Martin
05db5dba6f trace_agx.py: Disable tracing the PMP bits
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:46:08 +09:00
Hector Martin
baa46bf4f1 find_regs.py: Fix script mode invocation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:45:51 +09:00
Janne Grunau
dc57e586bc hv/trace_gpio.py: mmiotrace handler for "/arm-io/gpio"
The hanlder omits noise/useless of the mmio access and annotates
known offsets, pins, interrupts and config values.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
3128956a8e hv.py: support device specific mmiotrace handlers
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
670ce212d1 hv.py: style: use shorter conditional statements in handle_mmiotrace()
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
1d6a9c5257 utils.py: prepare AddrLookup for device specific mmiotrace handlers
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Hector Martin
e833e3c052 run_guest.py: Fix usage without -m or -c
Closes: #75

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-11 11:59:21 +09:00
Janne Grunau
d525979fb7 proxy/tools: add reboot.py
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-11 11:41:24 +09:00
Hector Martin
edbe471804 run_guest.py: Add options to run external scripts:
-m <script>

  Run a script in hypervisor context prior to starting the guest.
  This is essentially the same as the shell context.

-c <code>
  Run a literal string of code prior to starting the guest.

-S
  Start a shell instead of directly starting the guest. Use `start` to
  actually begin guest execution.

This also adds a couple example scripts under hv/.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-10 22:37:12 +09:00
Hector Martin
d9561b7507 proxyclient: Big cleanup/move to module
All the common/importable stuff now lives in the 'm1n1' module.

General use tools are in tools/

Reverse engineering experiments are in experiments/

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-10 19:40:48 +09:00
Janne Grunau
88275b5cb5 hv: add AIC interrupt tracing
Implemented by MMIO tracing of AIC's event register. Proposed by pipcet.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-10 15:41:02 +09:00
Janne Grunau
012d8964f9 adt.py: improve "interrupts" parsing
Correct parsing would require a second pass to use the
interrupt-parent's "#interrupt-cells".

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-10 15:41:02 +09:00
Vincent Duvert
1a95a9fc17 Shell: do not access properties on startup
Change the way the shell finds methods to add to the locals on startup: the
methods are queried on the object’s class, rather than the object itself. This
allows detecting if an object’s member is a property and ignore it, rather than
accessing the property.

Attributes whose name starts by ‘_’ are also now ignored, which avoids
importing private methods or Python magic methods in the shell namespace.

Fixes spurious accesses to ProxyUtils’s SIMD properties (b, h, etc) on shell
startup, which caused a ProxyCommandError if m1n1 is not recent enough.

Signed-off-by: Vincent Duvert <vincent@duvert.net>
2021-06-09 19:47:54 +09:00
Janne Grunau
d61bf13cb0 hv: shadow perf monitor IRQ mode and state
The development Mac OS kernel panics if the PMCR0 sysreg is in an
unexpected state. To avoid that the hypervisor needs to shadow the
interrupt mode and interrupt active flag after it mask the PM FIQ.
Mac OS reads and writes frequently from PMCR0 and PMC 0/1 so handling
in m1n1 is preferred over Python.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-09 19:47:20 +09:00
Sven Peter
c47f1b2095 proxy: add dart_dump.py
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-09 19:45:55 +09:00
Hector Martin
7b22a72442 hv.py: Add reboot() command to reboot the system and exit
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:09:59 +09:00
Hector Martin
a175b6d159 proxy: Add reboot() call to hard reboot the system
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:09:11 +09:00
Hector Martin
89a7a3a5b1 proxy.py: Rename reboot() to reload()
reboot() is confusing (it doesn't reboot the system)

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:00:24 +09:00
Hector Martin
f1cfe27e31 hv: Use AFSR_GL1 when in guarded mode.
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 03:34:17 +09:00
Hector Martin
c794ea6dc2 hv_vuart: Make compatible with xnu and enable
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 01:39:26 +09:00
Hector Martin
a5c7e1557f proxy.py: Make compatible with older pyserial
We don't use this right now, anyway

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 01:22:22 +09:00
Hector Martin
775902112d hv.py: Add M1RACLES mitigation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:41:17 +09:00
Hector Martin
469b1258c0 hv.py: Branding 2021-05-28 02:13:23 +09:00
Hector Martin
3427bc0a2e hv.py: Be more selective about MMIO tracing
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
64973d43a5 hv.py: Disable exception patching
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
f502dc7a83 hv.py: Activate logo improvements
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
66fc157e94 fb: Improve visuals
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 00:45:05 +09:00
Hector Martin
3a44625803 hv.py; mmiotrace: Show op width
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 00:00:54 +09:00
Hector Martin
77a36a7d34 utils,proxy: Add basic SIMD register fetch and mutation support
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 22:57:25 +09:00
Hector Martin
5d0f6e21f6 utils: Coerce address lookup addresses to int
If this is a wrapper class, "in range()" is not optimized and does a
linear scan through the range...

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 22:14:09 +09:00
Vincent Duvert
3d1747466b Add an option to disable checksumming if possible
* Introduce feature flags which allows the proxy and m1n1 to determine which
features they have in common.
* Add a feature flag that disables checksumming (by replacing checksums with
constant values) for the data packets exchanged by REQ_MEMREAD, REQ_MEMWRITE
and REQ_EVENT. The feature is enabled if m1n1 supports it; checksumming is kept
enabled for UART communication.
* To ensure no packet loss when checksumming is disabled, an extra sentinel
value is added after the exchanged data for memory read/write operations.

Signed-off-by: Vincent Duvert <vincent@duvert.net>
2021-05-27 21:34:37 +09:00
Janne Grunau
16f0abe6bb hv.py: resolve adresses from ADT in mmiotrace
Signed-off-by: Janne Grunau <j@jannau.net>
2021-05-27 21:32:05 +09:00
Janne Grunau
67cdf57540 adt.py: add option to retrieve the adt from m1n1
Signed-off-by: Janne Grunau <j@jannau.net>
2021-05-27 21:32:05 +09:00
Janne Grunau
07314994ed adt.py: raise AttributeError in ADTNode._getattr__()
Signed-off-by: Janne Grunau <j@jannau.net>
2021-05-27 21:32:05 +09:00
Hector Martin
2aa41192ed hv.py: Put back UART MMIO bypass
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:29:58 +09:00
Hector Martin
0f99ee834d hv.py: Put back most of the removed ADT nodes
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:29:58 +09:00
Hector Martin
dedada1f57 hv.py: Remove sync mode from main MMIO region
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:29:58 +09:00
Hector Martin
85411d1714 hv_vm: Add support for 128-bit ops, stp/ldp, fix some emu bugs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:29:58 +09:00
Hector Martin
bfe8c94c47 hv_wdt: Add hypervisor watchdog on secondary core
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:28:43 +09:00
Hector Martin
45960036c8 find_regs.py: Fix typo
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-27 21:10:37 +09:00
Hector Martin
f44942015f hv.py: Current mmiotrace config/experiments
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
5d8b3a1ab1 hv.py: Remove more devices for testing
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
59cf1a1bcd hv.py: Map low physmem to the guest
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
e92e075fba hv_exc: Add IPI and guest timer FIQ virtualization
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
c943af62b9 hv: Enable FIQ trapping
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
75f206e65c hv_exc, hv.py: Add support for interrupting guest with ^C
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
2e014f58fa hv: Implement a periodic hypervisor ptimer and use vtimer for stepping
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
ba3a1b1028 hacr_trap_bits.py: Enable GXF around checks
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
e99680cb1e hv: Rename HV_HOOK proxy start type to HV
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-25 20:12:20 +09:00
Hector Martin
989625ac65 adt.py: Support /-separated node path accesses 2021-05-22 04:42:38 +09:00
Hector Martin
4cc22c73c0 hv.py: Add a novm mode without stage 2 translation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 04:42:38 +09:00
Hector Martin
81bf0ad578 apple_regs.json: More GXF and SPRR registers
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 04:42:38 +09:00
Hector Martin
a9c189fe27 hv.py: Add more sysreg redirects
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 04:42:38 +09:00
Hector Martin
5f7aded3ce find_sprr_regs.py: Port to find_regs.py, fixes
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 04:42:38 +09:00
Hector Martin
30e14f1a0b find_regs: Modular version of find_all_regs.py
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Hector Martin
d82f5db064 apple_regs.json: Add CNTPCT_ALIAS_EL0
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Hector Martin
81793508ae proxyutils.py: Use sysreg_parse() for mrs/msr
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Hector Martin
91a94992ea proxyutils.py: Improve the various exec() modes
Now we can just say call="el1" etc., and it takes care of the region for
you.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Hector Martin
d0995e0653 proxyutils: Make GuardedHeap able to take a single Heap argument
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Hector Martin
7bdff8ad10 sysreg.py: Add sysreg_parse() function
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-22 03:21:01 +09:00
Mark Kettenis
e23e89849f proxy: linux.py: fix tty initialization
commit 35fddd51 broke loading a kernel without explitly specifying
a tty.  Fix this.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
2021-05-16 18:47:00 +09:00
Hector Martin
957bf40d20 proxy.py: Add debug for rx events
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-16 18:46:35 +09:00
Sven Peter
35fddd5117 proxy: linux.py: allow to load u-boot before Linux
right now u-boot can bring up the PCIe bus such that Linux only requires
a very minimal driver. this new --u-boot flag for linux.py allows to
load u-boot before the Linux kernel to make use of this.
This requires a small hack to inject the booti command into the default
u-boot boot environment.

Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-16 02:45:46 +09:00
Hector Martin
3283987ba9 proxy.py: Fix spurious garbage printed to TTY
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-16 00:04:33 +09:00
Hector Martin
afc088840d hv: Add Python-side MMIO emulation hooks
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-15 23:57:48 +09:00