cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

genptr.c (14577B)


      1/*
      2 *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights Reserved.
      3 *
      4 *  This program is free software; you can redistribute it and/or modify
      5 *  it under the terms of the GNU General Public License as published by
      6 *  the Free Software Foundation; either version 2 of the License, or
      7 *  (at your option) any later version.
      8 *
      9 *  This program is distributed in the hope that it will be useful,
     10 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     11 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     12 *  GNU General Public License for more details.
     13 *
     14 *  You should have received a copy of the GNU General Public License
     15 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
     16 */
     17
     18#include "qemu/osdep.h"
     19#include "cpu.h"
     20#include "internal.h"
     21#include "tcg/tcg-op.h"
     22#include "insn.h"
     23#include "opcodes.h"
     24#include "translate.h"
     25#define QEMU_GENERATE       /* Used internally by macros.h */
     26#include "macros.h"
     27#undef QEMU_GENERATE
     28#include "gen_tcg.h"
     29
     /*
      * Log a write of val to register rnum for a predicated instruction in slot.
      *
      * hex_new_value[rnum] takes val only when this slot's bit in
      * hex_slot_cancelled is clear; otherwise it keeps its current contents.
      *
      * NOTE(review): rnum is used as an array index and slot as a shift count
      * without a range check here; presumably the decoder bounds both -- confirm.
      */
     static inline void gen_log_predicated_reg_write(int rnum, TCGv val, int slot)
     {
         const int slot_bit = 1 << slot;
         TCGv zero = tcg_constant_tl(0);
         TCGv cancelled = tcg_temp_new();

         /* cancelled is non-zero iff this slot's bit is set in hex_slot_cancelled */
         tcg_gen_andi_tl(cancelled, hex_slot_cancelled, slot_bit);
         tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[rnum], cancelled, zero,
                            val, hex_new_value[rnum]);
         if (HEX_DEBUG) {
             /*
              * Record the write for HELPER(debug_commit_end).  The cancel mask
              * is turned into a 0/1 "was written" flag (1 when the slot was not
              * cancelled) before it is or'ed into hex_reg_written[rnum].
              */
             tcg_gen_setcond_tl(TCG_COND_EQ, cancelled, cancelled, zero);
             tcg_gen_or_tl(hex_reg_written[rnum], hex_reg_written[rnum], cancelled);
         }

         tcg_temp_free(cancelled);
     }
     52
     /*
      * Log an unconditional write of val to register rnum by copying it into
      * hex_new_value[rnum].
      *
      * NOTE(review): rnum is not range-checked here; presumably callers pass a
      * decoded register number that is already in range -- confirm.
      */
     static inline void gen_log_reg_write(int rnum, TCGv val)
     {
         tcg_gen_mov_tl(hex_new_value[rnum], val);

         if (!HEX_DEBUG) {
             return;
         }

         /* Mark the register as written so HELPER(debug_commit_end) will know */
         tcg_gen_movi_tl(hex_reg_written[rnum], 1);
     }
     61
     /*
      * Log a predicated 64-bit write to the register pair rnum / rnum + 1.
      *
      * The low 32 bits of val go to hex_new_value[rnum] and the high 32 bits to
      * hex_new_value[rnum + 1], each only when this slot's bit in
      * hex_slot_cancelled is clear.
      *
      * NOTE(review): rnum + 1 is indexed without a range check here; presumably
      * the decoder only produces valid pair numbers -- confirm.
      */
     static void gen_log_predicated_reg_write_pair(int rnum, TCGv_i64 val, int slot)
     {
         const int slot_bit = 1 << slot;
         const int lo = rnum;
         const int hi = rnum + 1;
         TCGv word = tcg_temp_new();
         TCGv zero = tcg_constant_tl(0);
         TCGv cancelled = tcg_temp_new();

         /* cancelled is non-zero iff this slot's bit is set in hex_slot_cancelled */
         tcg_gen_andi_tl(cancelled, hex_slot_cancelled, slot_bit);

         /* Low word */
         tcg_gen_extrl_i64_i32(word, val);
         tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[lo],
                            cancelled, zero,
                            word, hex_new_value[lo]);

         /* High word */
         tcg_gen_extrh_i64_i32(word, val);
         tcg_gen_movcond_tl(TCG_COND_EQ, hex_new_value[hi],
                            cancelled, zero,
                            word, hex_new_value[hi]);

         if (HEX_DEBUG) {
             /*
              * Record the writes for HELPER(debug_commit_end).  The cancel mask
              * is turned into a 0/1 "was written" flag (1 when the slot was not
              * cancelled) before it is or'ed into both hex_reg_written entries.
              */
             tcg_gen_setcond_tl(TCG_COND_EQ, cancelled, cancelled, zero);
             tcg_gen_or_tl(hex_reg_written[lo], hex_reg_written[lo], cancelled);
             tcg_gen_or_tl(hex_reg_written[hi], hex_reg_written[hi], cancelled);
         }

         tcg_temp_free(word);
         tcg_temp_free(cancelled);
     }
     96
     /*
      * Log an unconditional 64-bit write to the register pair rnum / rnum + 1:
      * the low 32 bits of val go to hex_new_value[rnum], the high 32 bits to
      * hex_new_value[rnum + 1].
      *
      * NOTE(review): rnum + 1 is indexed without a range check here; presumably
      * the decoder only produces valid pair numbers -- confirm.
      */
     static void gen_log_reg_write_pair(int rnum, TCGv_i64 val)
     {
         const int lo = rnum;
         const int hi = rnum + 1;

         /* Low word, then its debug "written" flag */
         tcg_gen_extrl_i64_i32(hex_new_value[lo], val);
         if (HEX_DEBUG) {
             /* Mark as written so HELPER(debug_commit_end) will know */
             tcg_gen_movi_tl(hex_reg_written[lo], 1);
         }

         /* High word, then its debug "written" flag */
         tcg_gen_extrh_i64_i32(hex_new_value[hi], val);
         if (HEX_DEBUG) {
             /* Mark as written so HELPER(debug_commit_end) will know */
             tcg_gen_movi_tl(hex_reg_written[hi], 1);
         }
     }
    113
    /*
     * Log a write of the low 8 bits of val to predicate register pnum.
     *
     * Section 6.1.3 of the Hexagon V67 Programmer's Reference Manual:
     * multiple writes to the same predicate register in a packet are and'ed
     * together.  The first write in the packet is a plain assignment, later
     * ones are and'ed into hex_new_pred_value[pnum].
     *
     * ctx->pregs_written is only read here; the bit for pnum is presumably set
     * by the caller -- confirm.  pnum is not range-checked in this function.
     */
    static inline void gen_log_pred_write(DisasContext *ctx, int pnum, TCGv val)
    {
        TCGv low8 = tcg_temp_new();

        /* Only the low byte of val is kept */
        tcg_gen_andi_tl(low8, val, 0xff);

        if (test_bit(pnum, ctx->pregs_written)) {
            /* Already written in this packet: combine with the earlier value */
            tcg_gen_and_tl(hex_new_pred_value[pnum],
                           hex_new_pred_value[pnum], low8);
        } else {
            /* First write in this packet: straight assignment */
            tcg_gen_mov_tl(hex_new_pred_value[pnum], low8);
        }

        /* Flag the predicate as written in the runtime bitmask */
        tcg_gen_ori_tl(hex_pred_written, hex_pred_written, 1 << pnum);

        tcg_temp_free(low8);
    }
    137
    /*
     * Build the P3:0 view in control_reg: start from zero and deposit each of
     * the NUM_PREGS predicate registers as one byte, predicate i at bit i * 8.
     */
    static inline void gen_read_p3_0(TCGv control_reg)
    {
        int preg = 0;

        tcg_gen_movi_tl(control_reg, 0);
        while (preg < NUM_PREGS) {
            const int lsb = preg * 8;

            tcg_gen_deposit_tl(control_reg, control_reg, hex_pred[preg], lsb, 8);
            preg++;
        }
    }
    145
    146/*
    147 * Certain control registers require special handling on read
    148 *     HEX_REG_P3_0          aliased to the predicate registers
    149 *                           -> concat the 4 predicate registers together
    150 *     HEX_REG_PC            actual value stored in DisasContext
    151 *                           -> assign from ctx->base.pc_next
    152 *     HEX_REG_QEMU_*_CNT    changes in current TB in DisasContext
    153 *                           -> add current TB changes to existing reg value
    154 */
    static inline void gen_read_ctrl_reg(DisasContext *ctx, const int reg_num,
                                         TCGv dest)
    {
        /* P3:0 is assembled from the individual predicate registers */
        if (reg_num == HEX_REG_P3_0) {
            gen_read_p3_0(dest);
            return;
        }

        /* PC is a translation-time constant taken from the DisasContext */
        if (reg_num == HEX_REG_PC) {
            tcg_gen_movi_tl(dest, ctx->base.pc_next);
            return;
        }

        /* Counters: stored value plus the count accumulated in ctx so far */
        if (reg_num == HEX_REG_QEMU_PKT_CNT) {
            tcg_gen_addi_tl(dest, hex_gpr[HEX_REG_QEMU_PKT_CNT],
                            ctx->num_packets);
            return;
        }
        if (reg_num == HEX_REG_QEMU_INSN_CNT) {
            tcg_gen_addi_tl(dest, hex_gpr[HEX_REG_QEMU_INSN_CNT],
                            ctx->num_insns);
            return;
        }

        /*
         * Everything else is read straight from hex_gpr.
         * NOTE(review): reg_num is not range-checked here; presumably the
         * decoder bounds it -- confirm.
         */
        tcg_gen_mov_tl(dest, hex_gpr[reg_num]);
    }
    172
    /*
     * 64-bit read of the control register pair reg_num / reg_num + 1 into dest
     * (low word from reg_num, high word from reg_num + 1), with the same
     * special cases as the 32-bit read: P3:0, PC and the QEMU counters.
     *
     * NOTE(review): reg_num + 1 indexes hex_gpr without a range check here;
     * presumably the decoder only produces valid pair numbers -- confirm.
     */
    static inline void gen_read_ctrl_reg_pair(DisasContext *ctx, const int reg_num,
                                              TCGv_i64 dest)
    {
        if (reg_num == HEX_REG_P3_0) {
            /* Low word is the assembled predicates, high word is the next reg */
            TCGv preds = tcg_temp_new();

            gen_read_p3_0(preds);
            tcg_gen_concat_i32_i64(dest, preds, hex_gpr[reg_num + 1]);
            tcg_temp_free(preds);
            return;
        }

        if (reg_num == HEX_REG_PC - 1) {
            /* PC is the high word of this pair; take it from the DisasContext */
            TCGv pc_now = tcg_constant_tl(ctx->base.pc_next);

            tcg_gen_concat_i32_i64(dest, hex_gpr[reg_num], pc_now);
            return;
        }

        if (reg_num == HEX_REG_QEMU_PKT_CNT) {
            /* Both counters get the counts accumulated in ctx added on */
            TCGv packets = tcg_temp_new();
            TCGv insns = tcg_temp_new();

            tcg_gen_addi_tl(packets, hex_gpr[HEX_REG_QEMU_PKT_CNT],
                            ctx->num_packets);
            tcg_gen_addi_tl(insns, hex_gpr[HEX_REG_QEMU_INSN_CNT],
                            ctx->num_insns);
            tcg_gen_concat_i32_i64(dest, packets, insns);
            tcg_temp_free(packets);
            tcg_temp_free(insns);
            return;
        }

        /* Ordinary pair: concatenate the two stored registers */
        tcg_gen_concat_i32_i64(dest, hex_gpr[reg_num], hex_gpr[reg_num + 1]);
    }
    200
    /*
     * Split control_reg across the predicate registers: byte i of the value
     * (bits i * 8 .. i * 8 + 7) is written directly to hex_pred[i] for each of
     * the NUM_PREGS predicates.
     */
    static inline void gen_write_p3_0(TCGv control_reg)
    {
        int preg = 0;

        while (preg < NUM_PREGS) {
            const int lsb = preg * 8;

            tcg_gen_extract_tl(hex_pred[preg], control_reg, lsb, 8);
            preg++;
        }
    }
    207
    208/*
    209 * Certain control registers require special handling on write
    210 *     HEX_REG_P3_0          aliased to the predicate registers
    211 *                           -> break the value across 4 predicate registers
    212 *     HEX_REG_QEMU_*_CNT    changes in current TB in DisasContext
    213 *                            -> clear the changes
    214 */
    static inline void gen_write_ctrl_reg(DisasContext *ctx, int reg_num,
                                          TCGv val)
    {
        /* P3:0 is written through to the individual predicate registers */
        if (reg_num == HEX_REG_P3_0) {
            gen_write_p3_0(val);
            return;
        }

        /* All other control registers go through the normal write log */
        gen_log_reg_write(reg_num, val);
        ctx_log_reg_write(ctx, reg_num);

        /*
         * An explicit write to a counter replaces its value, so the count
         * accumulated in the DisasContext is cleared.
         */
        if (reg_num == HEX_REG_QEMU_PKT_CNT) {
            ctx->num_packets = 0;
        }
        if (reg_num == HEX_REG_QEMU_INSN_CNT) {
            ctx->num_insns = 0;
        }
    }
    231
    /*
     * 64-bit write of val to the control register pair reg_num / reg_num + 1.
     *
     * For the pair starting at HEX_REG_P3_0 the low word is split across the
     * predicate registers and only the high word is logged as a register
     * write.  For the pair starting at HEX_REG_QEMU_PKT_CNT both counts
     * accumulated in the DisasContext are cleared.
     */
    static inline void gen_write_ctrl_reg_pair(DisasContext *ctx, int reg_num,
                                               TCGv_i64 val)
    {
        if (reg_num != HEX_REG_P3_0) {
            gen_log_reg_write_pair(reg_num, val);
            ctx_log_reg_write_pair(ctx, reg_num);
            if (reg_num == HEX_REG_QEMU_PKT_CNT) {
                ctx->num_packets = 0;
                ctx->num_insns = 0;
            }
            return;
        }

        /* P3:0 pair: low word to the predicates, high word to reg_num + 1 */
        TCGv half = tcg_temp_new();

        tcg_gen_extrl_i64_i32(half, val);
        gen_write_p3_0(half);
        tcg_gen_extrh_i64_i32(half, val);
        gen_log_reg_write(reg_num + 1, half);
        tcg_temp_free(half);
        ctx_log_reg_write(ctx, reg_num + 1);
    }
    252
    /*
     * Extract byte N (bits N * 8 .. N * 8 + 7) of src into result, sign-extended
     * when sign is true and zero-extended otherwise.  Returns result.
     */
    static TCGv gen_get_byte(TCGv result, int N, TCGv src, bool sign)
    {
        const int lsb = N * 8;

        if (!sign) {
            tcg_gen_extract_tl(result, src, lsb, 8);
        } else {
            tcg_gen_sextract_tl(result, src, lsb, 8);
        }
        return result;
    }
    262
    /*
     * Extract byte N (bits N * 8 .. N * 8 + 7) of the 64-bit src, sign- or
     * zero-extended according to sign, and store the low 32 bits of that
     * extraction in result.  Returns result.
     */
    static TCGv gen_get_byte_i64(TCGv result, int N, TCGv_i64 src, bool sign)
    {
        const int lsb = N * 8;
        TCGv_i64 wide = tcg_temp_new_i64();

        if (!sign) {
            tcg_gen_extract_i64(wide, src, lsb, 8);
        } else {
            tcg_gen_sextract_i64(wide, src, lsb, 8);
        }

        /* Narrow the 64-bit intermediate back to the 32-bit result */
        tcg_gen_extrl_i64_i32(result, wide);
        tcg_temp_free_i64(wide);

        return result;
    }
    276
    /*
     * Extract halfword N (bits N * 16 .. N * 16 + 15) of src into result,
     * sign-extended when sign is true and zero-extended otherwise.
     * Returns result.
     */
    static inline TCGv gen_get_half(TCGv result, int N, TCGv src, bool sign)
    {
        const int lsb = N * 16;

        if (!sign) {
            tcg_gen_extract_tl(result, src, lsb, 16);
        } else {
            tcg_gen_sextract_tl(result, src, lsb, 16);
        }
        return result;
    }
    286
    /*
     * Replace halfword N (bits N * 16 .. N * 16 + 15) of result with the low
     * 16 bits of src; the other bits of result are kept.
     */
    static inline void gen_set_half(int N, TCGv result, TCGv src)
    {
        const int lsb = N * 16;

        tcg_gen_deposit_tl(result, result, src, lsb, 16);
    }
    291
    /*
     * Replace halfword N (bits N * 16 .. N * 16 + 15) of the 64-bit result with
     * the low 16 bits of the 32-bit src; the other bits of result are kept.
     */
    static inline void gen_set_half_i64(int N, TCGv_i64 result, TCGv src)
    {
        const int lsb = N * 16;
        TCGv_i64 widened = tcg_temp_new_i64();

        /* Zero-extend src to 64 bits so it can be deposited into result */
        tcg_gen_extu_i32_i64(widened, src);
        tcg_gen_deposit_i64(result, result, widened, lsb, 16);
        tcg_temp_free_i64(widened);
    }
    299
    /*
     * Replace byte N (bits N * 8 .. N * 8 + 7) of the 64-bit result with the
     * low 8 bits of the 32-bit src; the other bits of result are kept.
     */
    static void gen_set_byte_i64(int N, TCGv_i64 result, TCGv src)
    {
        const int lsb = N * 8;
        TCGv_i64 widened = tcg_temp_new_i64();

        /* Zero-extend src to 64 bits so it can be deposited into result */
        tcg_gen_extu_i32_i64(widened, src);
        tcg_gen_deposit_i64(result, result, widened, lsb, 8);
        tcg_temp_free_i64(widened);
    }
    307
    /*
     * 32-bit load-locked: load from vaddr into dest, then remember the address
     * in hex_llsc_addr and the loaded value in hex_llsc_val for the matching
     * store-conditional.
     *
     * NOTE(review): vaddr is copied after the load has written dest, so the
     * recorded address is only right if dest and vaddr are distinct TCG
     * values; presumably callers guarantee that -- confirm.
     */
    static inline void gen_load_locked4u(TCGv dest, TCGv vaddr, int mem_index)
    {
        /* The load itself */
        tcg_gen_qemu_ld32u(dest, vaddr, mem_index);

        /* Reservation state: address first, then the value that was seen */
        tcg_gen_mov_tl(hex_llsc_addr, vaddr);
        tcg_gen_mov_tl(hex_llsc_val, dest);
    }
    314
    /*
     * 64-bit load-locked: load from vaddr into dest, then remember the address
     * in hex_llsc_addr and the loaded value in hex_llsc_val_i64 for the
     * matching store-conditional.
     */
    static inline void gen_load_locked8u(TCGv_i64 dest, TCGv vaddr, int mem_index)
    {
        /* The load itself */
        tcg_gen_qemu_ld64(dest, vaddr, mem_index);

        /* Reservation state: address first, then the value that was seen */
        tcg_gen_mov_tl(hex_llsc_addr, vaddr);
        tcg_gen_mov_i64(hex_llsc_val_i64, dest);
    }
    321
    /*
     * 32-bit store-conditional of src to vaddr.
     *
     * pred is set to 0xff when the store happened and to 0 when it did not.
     * The store is skipped outright when vaddr differs from hex_llsc_addr;
     * otherwise an atomic compare-and-swap writes src only if memory still
     * holds hex_llsc_val.  hex_llsc_addr is reset to ~0 on every path.
     *
     * The reservation is modelled by address and value only, so a write that
     * puts the same value back between the load-locked and this store is not
     * detected (ABA).
     */
    static inline void gen_store_conditional4(DisasContext *ctx,
                                              TCGv pred, TCGv vaddr, TCGv src)
    {
        TCGLabel *addr_mismatch = gen_new_label();
        TCGLabel *finish = gen_new_label();
        TCGv pred_true = tcg_constant_tl(0xff);
        TCGv pred_false = tcg_constant_tl(0);
        TCGv observed;

        /* No matching load-locked address: fail without touching memory */
        tcg_gen_brcond_tl(TCG_COND_NE, vaddr, hex_llsc_addr, addr_mismatch);

        /* observed receives the value that was in memory before the swap */
        observed = tcg_temp_new();
        tcg_gen_atomic_cmpxchg_tl(observed, hex_llsc_addr, hex_llsc_val, src,
                                  ctx->mem_idx, MO_32);
        tcg_gen_movcond_tl(TCG_COND_EQ, pred, observed, hex_llsc_val,
                           pred_true, pred_false);
        tcg_temp_free(observed);
        tcg_gen_br(finish);

        gen_set_label(addr_mismatch);
        tcg_gen_movi_tl(pred, 0);

        /* Success or failure, the reservation is consumed */
        gen_set_label(finish);
        tcg_gen_movi_tl(hex_llsc_addr, ~0);
    }
    347
    /*
     * 64-bit store-conditional of src to vaddr.
     *
     * pred is set to 0xff when the store happened and to 0 when it did not.
     * The store is skipped outright when vaddr differs from hex_llsc_addr;
     * otherwise an atomic compare-and-swap writes src only if memory still
     * holds hex_llsc_val_i64.  hex_llsc_addr is reset to ~0 on every path.
     *
     * The reservation is modelled by address and value only, so a write that
     * puts the same value back between the load-locked and this store is not
     * detected (ABA).
     */
    static inline void gen_store_conditional8(DisasContext *ctx,
                                              TCGv pred, TCGv vaddr, TCGv_i64 src)
    {
        TCGLabel *addr_mismatch = gen_new_label();
        TCGLabel *finish = gen_new_label();
        TCGv_i64 pred_true = tcg_constant_i64(0xff);
        TCGv_i64 pred_false = tcg_constant_i64(0);
        TCGv_i64 observed;

        /* No matching load-locked address: fail without touching memory */
        tcg_gen_brcond_tl(TCG_COND_NE, vaddr, hex_llsc_addr, addr_mismatch);

        /* observed receives the value that was in memory before the swap */
        observed = tcg_temp_new_i64();
        tcg_gen_atomic_cmpxchg_i64(observed, hex_llsc_addr, hex_llsc_val_i64, src,
                                   ctx->mem_idx, MO_64);

        /* Turn the comparison into 0xff / 0, then narrow it into pred */
        tcg_gen_movcond_i64(TCG_COND_EQ, observed, observed, hex_llsc_val_i64,
                            pred_true, pred_false);
        tcg_gen_extrl_i64_i32(pred, observed);
        tcg_temp_free_i64(observed);
        tcg_gen_br(finish);

        gen_set_label(addr_mismatch);
        tcg_gen_movi_tl(pred, 0);

        /* Success or failure, the reservation is consumed */
        gen_set_label(finish);
        tcg_gen_movi_tl(hex_llsc_addr, ~0);
    }
    374
    /*
     * Log a store of up to 32 bits for slot: the address, the width in bytes
     * and the value are written to the per-slot hex_store_* variables.  No
     * guest memory is written by this function.
     *
     * NOTE(review): slot is used as an array index without a range check here;
     * presumably callers pass a valid slot number -- confirm.
     */
    static inline void gen_store32(TCGv vaddr, TCGv src, int width, int slot)
    {
        /* Where */
        tcg_gen_mov_tl(hex_store_addr[slot], vaddr);
        /* How many bytes */
        tcg_gen_movi_tl(hex_store_width[slot], width);
        /* What */
        tcg_gen_mov_tl(hex_store_val32[slot], src);
    }
    381
    /*
     * Log a 1-byte store of src to vaddr for slot and record the width in
     * ctx->store_width[slot].  cpu_env is not used by this function.
     */
    static inline void gen_store1(TCGv_env cpu_env, TCGv vaddr, TCGv src,
                                  DisasContext *ctx, int slot)
    {
        const int width = 1;

        gen_store32(vaddr, src, width, slot);
        ctx->store_width[slot] = width;
    }
    388
    /*
     * Immediate form of gen_store1: wraps src in a TCG constant and logs it as
     * a 1-byte store.
     */
    static inline void gen_store1i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
                                   DisasContext *ctx, int slot)
    {
        gen_store1(cpu_env, vaddr, tcg_constant_tl(src), ctx, slot);
    }
    395
    /*
     * Log a 2-byte store of src to vaddr for slot and record the width in
     * ctx->store_width[slot].  cpu_env is not used by this function.
     */
    static inline void gen_store2(TCGv_env cpu_env, TCGv vaddr, TCGv src,
                                  DisasContext *ctx, int slot)
    {
        const int width = 2;

        gen_store32(vaddr, src, width, slot);
        ctx->store_width[slot] = width;
    }
    402
    /*
     * Immediate form of gen_store2: wraps src in a TCG constant and logs it as
     * a 2-byte store.
     */
    static inline void gen_store2i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
                                   DisasContext *ctx, int slot)
    {
        gen_store2(cpu_env, vaddr, tcg_constant_tl(src), ctx, slot);
    }
    409
    /*
     * Log a 4-byte store of src to vaddr for slot and record the width in
     * ctx->store_width[slot].  cpu_env is not used by this function.
     */
    static inline void gen_store4(TCGv_env cpu_env, TCGv vaddr, TCGv src,
                                  DisasContext *ctx, int slot)
    {
        const int width = 4;

        gen_store32(vaddr, src, width, slot);
        ctx->store_width[slot] = width;
    }
    416
    /*
     * Immediate form of gen_store4: wraps src in a TCG constant and logs it as
     * a 4-byte store.
     */
    static inline void gen_store4i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
                                   DisasContext *ctx, int slot)
    {
        gen_store4(cpu_env, vaddr, tcg_constant_tl(src), ctx, slot);
    }
    423
    /*
     * Log an 8-byte store of src to vaddr for slot: address, width and the
     * 64-bit value go to the per-slot hex_store_* variables and the width is
     * also recorded in ctx->store_width[slot].  No guest memory is written by
     * this function, and cpu_env is not used.
     */
    static inline void gen_store8(TCGv_env cpu_env, TCGv vaddr, TCGv_i64 src,
                                  DisasContext *ctx, int slot)
    {
        const int width = 8;

        tcg_gen_mov_tl(hex_store_addr[slot], vaddr);
        tcg_gen_movi_tl(hex_store_width[slot], width);
        tcg_gen_mov_i64(hex_store_val64[slot], src);
        ctx->store_width[slot] = width;
    }
    432
    /*
     * Immediate form of gen_store8: wraps src in a 64-bit TCG constant and logs
     * it as an 8-byte store.
     */
    static inline void gen_store8i(TCGv_env cpu_env, TCGv vaddr, int64_t src,
                                   DisasContext *ctx, int slot)
    {
        gen_store8(cpu_env, vaddr, tcg_constant_i64(src), ctx, slot);
    }
    439
    /*
     * Expand a truth value to a full byte: result becomes 0xff when value is
     * non-zero and 0 when it is zero.  Returns result.
     */
    static TCGv gen_8bitsof(TCGv result, TCGv value)
    {
        TCGv all_clear = tcg_constant_tl(0);
        TCGv all_set = tcg_constant_tl(0xff);

        tcg_gen_movcond_tl(TCG_COND_NE, result, value, all_clear,
                           all_set, all_clear);

        return result;
    }
    448
    449#include "tcg_funcs_generated.c.inc"
    450#include "tcg_func_table_generated.c.inc"