Commit graph

627 commits

Author SHA1 Message Date
Hector Martin
48b4466abf m1n1.utils: Rewrite AddrLookup to improve performance & fix bugs
* Fix correctness issues (ranges could end up overlapping)
* Split ranges instead of merging them on overlap (previously a single
  range overlapping everything would reduce the lookup to a linear
  search over all ranges)
* Support removal and generic mutations by splitting out a generic
  RangeMap class that can be used with arbitrary values/collections

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 19:42:30 +09:00
Hector Martin
7e5054548a hv_vm: Rename SPTE_SYNC_TRACE to SPTE_TRACE_UNBUF
It's not really synchronous, it just flushes USB buffering.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 16:10:06 +09:00
Hector Martin
96ecd52b65 tools/chainload.py: Remove 1-second delay
I don't think we need this any more, ever since the new reconnection
code

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:59:55 +09:00
Hector Martin
a664bd5d55 hv_vm: Minor fixes to pagetable code
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:47:44 +09:00
Hector Martin
7ff613665b hv_asm.S: Add comments to the vectors
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:47:24 +09:00
Hector Martin
5751fa0019 hv_vm: Remove broken hv_max_proxy_hook
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:47:07 +09:00
Hector Martin
05db5dba6f trace_agx.py: Disable tracing the PMP bits
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:46:08 +09:00
Hector Martin
baa46bf4f1 find_regs.py: Fix script mode invocation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-15 15:45:51 +09:00
Janne Grunau
dc57e586bc hv/trace_gpio.py: mmiotrace handler for "/arm-io/gpio"
The hanlder omits noise/useless of the mmio access and annotates
known offsets, pins, interrupts and config values.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
3128956a8e hv.py: support device specific mmiotrace handlers
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
670ce212d1 hv.py: style: use shorter conditional statements in handle_mmiotrace()
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Janne Grunau
1d6a9c5257 utils.py: prepare AddrLookup for device specific mmiotrace handlers
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-15 15:41:50 +09:00
Mark Kettenis
d33d7ba89d kboot: Provide MAC addresses in device tree
Read the MAC addresses from the ADT and store them in
"local-mac-address" properties on the relevant nodes in the FDT.
This relies on appropriate aliases in the provided FDT, which
matches how U-Boot provides MAC addresses on embedded targets.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
2021-06-15 15:27:18 +09:00
Hector Martin
e833e3c052 run_guest.py: Fix usage without -m or -c
Closes: #75

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-11 11:59:21 +09:00
Janne Grunau
d525979fb7 proxy/tools: add reboot.py
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-11 11:41:24 +09:00
Hector Martin
edbe471804 run_guest.py: Add options to run external scripts:
-m <script>

  Run a script in hypervisor context prior to starting the guest.
  This is essentially the same as the shell context.

-c <code>
  Run a literal string of code prior to starting the guest.

-S
  Start a shell instead of directly starting the guest. Use `start` to
  actually begin guest execution.

This also adds a couple example scripts under hv/.

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-10 22:37:12 +09:00
Hector Martin
a3558c86d7 tools/gen_reg_class.py: Script to generate Register classes
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-10 19:44:20 +09:00
Hector Martin
d9561b7507 proxyclient: Big cleanup/move to module
All the common/importable stuff now lives in the 'm1n1' module.

General use tools are in tools/

Reverse engineering experiments are in experiments/

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-10 19:40:48 +09:00
Sven Peter
9e061c2b50 usb_dwc3: shutdown the DART as well when shutting down usb
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-10 15:41:33 +09:00
Janne Grunau
88275b5cb5 hv: add AIC interrupt tracing
Implemented by MMIO tracing of AIC's event register. Proposed by pipcet.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-10 15:41:02 +09:00
Janne Grunau
012d8964f9 adt.py: improve "interrupts" parsing
Correct parsing would require a second pass to use the
interrupt-parent's "#interrupt-cells".

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-10 15:41:02 +09:00
Sven Peter
3e807d6686 dart: shutdown to bypass mode
This allows payloads to use DMA for anything that's not PCIe
even without a DART driver. It also restores the DART registers
the state the were left by iBoot.

Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-10 00:00:37 +09:00
Vincent Duvert
1a95a9fc17 Shell: do not access properties on startup
Change the way the shell finds methods to add to the locals on startup: the
methods are queried on the object’s class, rather than the object itself. This
allows detecting if an object’s member is a property and ignore it, rather than
accessing the property.

Attributes whose name starts by ‘_’ are also now ignored, which avoids
importing private methods or Python magic methods in the shell namespace.

Fixes spurious accesses to ProxyUtils’s SIMD properties (b, h, etc) on shell
startup, which caused a ProxyCommandError if m1n1 is not recent enough.

Signed-off-by: Vincent Duvert <vincent@duvert.net>
2021-06-09 19:47:54 +09:00
Janne Grunau
4b5c016368 hv: disable PMU counters inside the hypervisor
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-09 19:47:20 +09:00
Janne Grunau
8bf2763e57 apple_regs: annotate perf monitor system register fields
Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-09 19:47:20 +09:00
Janne Grunau
d61bf13cb0 hv: shadow perf monitor IRQ mode and state
The development Mac OS kernel panics if the PMCR0 sysreg is in an
unexpected state. To avoid that the hypervisor needs to shadow the
interrupt mode and interrupt active flag after it mask the PM FIQ.
Mac OS reads and writes frequently from PMCR0 and PMC 0/1 so handling
in m1n1 is preferred over Python.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-09 19:47:20 +09:00
Sven Peter
c47f1b2095 proxy: add dart_dump.py
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-09 19:45:55 +09:00
Sven Peter
9529ec2b4f usb: add hpm_init and split usb_init and usb_iodev_init
This allows to bringup the USB PHY and the HPM for the
payload without having to initialize the CDC ACM driver
at the same time.

Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-09 19:45:38 +09:00
Sven Peter
d2b619957c tps6598x: add support for the USB PD chip
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-09 19:45:38 +09:00
Sven Peter
103100bb42 i2c: add i2c support
Signed-off-by: Sven Peter <sven@svenpeter.dev>
2021-06-09 19:45:38 +09:00
Janne Grunau
747eb526c4 ci: add a m1n1 build CI job
Uploads the build m1n1.macho and compiled device tree.

Signed-off-by: Janne Grunau <j@jannau.net>
2021-06-09 19:10:10 +09:00
Hector Martin
7b22a72442 hv.py: Add reboot() command to reboot the system and exit
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:09:59 +09:00
Hector Martin
a175b6d159 proxy: Add reboot() call to hard reboot the system
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:09:11 +09:00
Hector Martin
89a7a3a5b1 proxy.py: Rename reboot() to reload()
reboot() is confusing (it doesn't reboot the system)

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-06-04 15:00:24 +09:00
Hector Martin
393089f076 hv_exc: Also pass through (E)HID4, since it's noisy
This seems to be poked every time the kernel does a specific kind of
dcache flush...

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 03:37:12 +09:00
Hector Martin
f1cfe27e31 hv: Use AFSR_GL1 when in guarded mode.
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 03:34:17 +09:00
Hector Martin
cd5a00ec87 uartproxy: Use only appropriate iodevs
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 02:11:10 +09:00
Hector Martin
c794ea6dc2 hv_vuart: Make compatible with xnu and enable
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 01:39:26 +09:00
Hector Martin
a5c7e1557f proxy.py: Make compatible with older pyserial
We don't use this right now, anyway

Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-30 01:22:22 +09:00
Hector Martin
ccc2d0b450 usb_dwc3: Implement CLEAR FEATURE, tweak things
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 17:52:48 +09:00
Hector Martin
4195b09c41 hv_wdt: Remove dead include
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 04:30:13 +09:00
Hector Martin
775902112d hv.py: Add M1RACLES mitigation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:41:17 +09:00
Hector Martin
469b1258c0 hv.py: Branding 2021-05-28 02:13:23 +09:00
Hector Martin
3427bc0a2e hv.py: Be more selective about MMIO tracing
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
fe651cb9d7 hv_vm: Add more load/store emulation
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
12a7a0f1bb hv_exc: Allow the guest to see a bit of stolen time
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
fe2e89573e hv: Move break handling to hv_tick(), properly poll
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
64973d43a5 hv.py: Disable exception patching
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
f502dc7a83 hv.py: Activate logo improvements
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 02:13:23 +09:00
Hector Martin
66fc157e94 fb: Improve visuals
Signed-off-by: Hector Martin <marcan@marcan.st>
2021-05-28 00:45:05 +09:00