Commit graph

1193 commits

Author SHA1 Message Date
Hector Martin
bf34611bf4 hv_vm: Add out-of-bounds IPA check
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-15 01:15:17 +09:00
Hector Martin
e919b63a02 hv_vm: Add register-offset LDR/STR emulation, fix bugs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-15 00:43:39 +09:00
Hector Martin
1a5ba2c67e hv_vm: Fix bad asserts
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-14 21:49:11 +09:00
Hector Martin
e9aa876d12 Add missing xnutools.py
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 22:46:07 +09:00
Hector Martin
11fb2a403b adt.py: Unbork reg parsing, fix some stuff
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 22:44:50 +09:00
Hector Martin
7358e79d74 hv.py: Support pointer auth correctly
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 21:28:52 +09:00
Hector Martin
248011f7a1 apple_regs.json: Correct VM pauth registers
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 21:28:31 +09:00
Hector Martin
920ff59483 exception: Unbork EL1 stack
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 21:14:58 +09:00
Hector Martin
11ef3bb461 proxyutils.py: Allow mrs/msr to pass region (for EL1 etc)
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 20:10:51 +09:00
Hector Martin
757213b7a9 apple_regs.json: Add some EL1 registers for AP
Still not sure how to enable APSTS_EL12...

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 20:10:34 +09:00
Hector Martin
98839afab0 proxyutils.py: Use keyword-only arguments for msr/msr/inst
So I stop writing mrs(sysreg, value)...

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 19:02:57 +09:00
Hector Martin
aebda5213a hv.py: Now gets pretty far into XNU boot
Next up: mmiotrace

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 19:02:35 +09:00
Hector Martin
9efa91bf87 gxf: Do not disable the MMU around GXF calls
We are now SPRR compatible.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 18:31:27 +09:00
Hector Martin
b9ed00c6f3 memory: Initialize SPRR permissions
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 18:16:56 +09:00
Hector Martin
495732ef6a proxyutils.py: Fix returning from ad-hoc code
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 18:16:13 +09:00
Hector Martin
7fb35a8533 proxyutils.py: Call ad-hoc code in RX EL1 region
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 18:15:35 +09:00
Hector Martin
8af8dadee1 memory: Support L3 mappings, map m1n1 code as RX.
This replaces the old pagetable code with an adapted version of what
hv_vm.c does, which can handle block and page mappings more
intelligently.

Then, map the m1n1 code section as RX. This allows us to work in modes
where W^X is enforced.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 18:14:31 +09:00
Hector Martin
3e1ea2d503 memory: Add separate mappings for EL0 data access
This unborks stack and constant pool accesses from el0_call.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 17:36:02 +09:00
Hector Martin
7685800b45 heapblock: Assert if not initialized
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 17:33:57 +09:00
Hector Martin
9ffab4ac98 hv_vm.c: Remove stray ;
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-13 17:33:48 +09:00
Hector Martin
4a918346a8 shell.py: Add only callables to locals, but also sysregs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:21:39 +09:00
Hector Martin
4d75ff90ff proxyutils.py: Support Apple impdef MSR trap decoding
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:21:09 +09:00
Hector Martin
f56318abc9 hacr_trap_bits.py: Look at ARM standard-but-not regs too
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:20:51 +09:00
Hector Martin
857d518950 apple_regs.json: Reformat and add many more registers
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:20:26 +09:00
Hector Martin
9268f83f9f sysreg.py: Define bitfields for more Apple regs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:20:06 +09:00
Hector Martin
5bea278509 sysreg.py: Add sysreg_name() helper
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:19:50 +09:00
Hector Martin
a519af2ca8 proxyutils.py: Add support for symbolizing addresses
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:19:19 +09:00
Hector Martin
90872f460e macho.py: Support loading and importing symbol files
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:18:12 +09:00
Hector Martin
db9acba268 utils.py: Register: Initialize to 0
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:17:38 +09:00
Hector Martin
51bafa3c3f proxyutils.py: Fix silent arg for mrs/msr
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:17:09 +09:00
Hector Martin
ec5388d6b5 chainload.py: Support SMP when loading XNU
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:16:33 +09:00
Hector Martin
4e545d0513 adt.py: Improve parsing of reg/ranges & add resolver
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-12 21:16:15 +09:00
Sven Peter
e58c264a07 gxf: add SPRR/GXF proxyclient experiments
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
34123e33d8 proxyutils: added GuardedHeap
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
1c604a77c5 gxf: add support for guarded exception levels
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
2c5b202c99 sysreg: add support for Apple's custom sysregs
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
9120cb8426 memory: allow to reinit and temporarily disable the MMU
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
b00c5e6522 utils.h: add msr_sync convenience macros
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
36efdd2ac3 allow cpu_regs.h to be included in .S files
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
813e40f4ca exception_asm.S: skip msr hcr_el2 if not required
When guarded exception levels are enabled hcr_el2 can no longer be written to from EL2.
A future commit will however use el1_call to jump to GL1. It will setup hcr_el2 before
enabling GXF such that the write doesn't have to happen in el1_call anymore

Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Sven Peter
148fe31122 exception_asm.S: correctly setup sp for EL1
The previous code switched SPSel to EL0 but then used eret to
jump to EL1h which uses SP_EL1 instead

Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-05-11 15:48:40 +09:00
Hector Martin
9a7a5c86a5 hv.py: Map only from guest base to RAM top to guest
This keeps the hypervisor safe, in theory.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
a6287ae68d proxy.py: Add defaults to hv_translate flag args
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
19415bd6a5 run_guest.py: Support setting boot_args
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
3fecf181f9 proxyutils.py: Only decode abort/msr info for SYNC exceptions
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
9bfe278f52 proxyutils.py: Add disassemble_at() method
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
e3d7e569dc sysreg.py: Define an impdef EC code that Apple seems to use
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
6ad3b263a1 macho.py: Add support for loaded section hooks for patching
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
ed32cf6328 hv_exc: Add a hacky STEP feature to interrupt guest after a while
This should eventually be a proper single step feature or something, but
for now...

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00
Hector Martin
bcdafe8d00 hv_vm: Short-circuit hv_translate when MMU is off
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-09 03:25:51 +09:00