cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

win_helper.c (7308B)


      1/*
      2 * Copyright (c) 2011 - 2019, Max Filippov, Open Source and Linux Lab.
      3 * All rights reserved.
      4 *
      5 * Redistribution and use in source and binary forms, with or without
      6 * modification, are permitted provided that the following conditions are met:
      7 *     * Redistributions of source code must retain the above copyright
      8 *       notice, this list of conditions and the following disclaimer.
      9 *     * Redistributions in binary form must reproduce the above copyright
     10 *       notice, this list of conditions and the following disclaimer in the
     11 *       documentation and/or other materials provided with the distribution.
     12 *     * Neither the name of the Open Source and Linux Lab nor the
     13 *       names of its contributors may be used to endorse or promote products
     14 *       derived from this software without specific prior written permission.
     15 *
     16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
     17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
     20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
     23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
     25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26 */
     27
     28#include "qemu/osdep.h"
     29#include "qemu/main-loop.h"
     30#include "cpu.h"
     31#include "exec/helper-proto.h"
     32#include "qemu/host-utils.h"
     33#include "exec/exec-all.h"
     34
/*
 * Copy n 32-bit registers from the physical register file (env->phys_regs)
 * into the visible window (env->regs), starting at physical index phys and
 * window index window. The physical file is treated as circular: a run that
 * would pass index nareg continues from physical index 0.
 *
 * phys must be below env->config->nareg (asserted). Nothing in this function
 * bounds window + n against the size of env->regs, so that is the caller's
 * responsibility; the callers in this file pass window = 0 and n = 16.
 */
static void copy_window_from_phys(CPUXtensaState *env,
                                  uint32_t window, uint32_t phys, uint32_t n)
{
    assert(phys < env->config->nareg);

    if (phys + n > env->config->nareg) {
        /* The run crosses the end of the file: copy the tail, then wrap. */
        uint32_t tail = env->config->nareg - phys;

        memcpy(env->regs + window, env->phys_regs + phys,
               tail * sizeof(uint32_t));
        memcpy(env->regs + window + tail, env->phys_regs,
               (n - tail) * sizeof(uint32_t));
        return;
    }

    /* Contiguous case: the whole run fits before index nareg. */
    memcpy(env->regs + window, env->phys_regs + phys, n * sizeof(uint32_t));
}
     50
/*
 * Copy n 32-bit registers from the visible window (env->regs, starting at
 * index window) back into the physical register file (env->phys_regs,
 * starting at index phys). The physical file is treated as circular: a run
 * that would pass index nareg continues at physical index 0.
 *
 * phys must be below env->config->nareg (asserted). window + n is not
 * checked against the size of env->regs here; the callers in this file pass
 * window = 0 and n = 16.
 */
static void copy_phys_from_window(CPUXtensaState *env,
                                  uint32_t phys, uint32_t window, uint32_t n)
{
    assert(phys < env->config->nareg);

    if (phys + n > env->config->nareg) {
        /* The run crosses the end of the file: fill the tail, then wrap. */
        uint32_t tail = env->config->nareg - phys;

        memcpy(env->phys_regs + phys, env->regs + window,
               tail * sizeof(uint32_t));
        memcpy(env->phys_regs, env->regs + window + tail,
               (n - tail) * sizeof(uint32_t));
        return;
    }

    /* Contiguous case: the whole run fits before index nareg. */
    memcpy(env->phys_regs + phys, env->regs + window, n * sizeof(uint32_t));
}
     66
/*
 * Reduce a window index to the WINDOW_BASE range by masking it with
 * (nareg / 4 - 1). The mask only behaves as a modulo when nareg / 4 is a
 * power of two; that is assumed here, not checked.
 */
static inline unsigned windowbase_bound(unsigned a, const CPUXtensaState *env)
{
    unsigned mask = env->config->nareg / 4 - 1;

    return a & mask;
}
     71
/*
 * Return the single-bit WINDOW_START mask for window index a. The index is
 * first reduced with windowbase_bound(), so out-of-range or wrapped
 * (e.g. "base - 1") inputs are accepted.
 */
static inline unsigned windowstart_bit(unsigned a, const CPUXtensaState *env)
{
    unsigned pos = windowbase_bound(a, env);

    return 1 << pos;
}
     76
/*
 * Reload all 16 visible registers from the physical file, starting at
 * physical index WINDOW_BASE * 4.
 *
 * WINDOW_BASE is used unmasked: the only bound on the resulting index is
 * the assert in copy_window_from_phys(), so writers of WINDOW_BASE are
 * expected to store an already-bounded value.
 */
void xtensa_sync_window_from_phys(CPUXtensaState *env)
{
    uint32_t phys = env->sregs[WINDOW_BASE] * 4;

    copy_window_from_phys(env, 0, phys, 16);
}
     81
/*
 * Write all 16 visible registers back to the physical file, starting at
 * physical index WINDOW_BASE * 4.
 *
 * WINDOW_BASE is used unmasked: the only bound on the resulting index is
 * the assert in copy_phys_from_window(), so writers of WINDOW_BASE are
 * expected to store an already-bounded value.
 */
void xtensa_sync_phys_from_window(CPUXtensaState *env)
{
    uint32_t phys = env->sregs[WINDOW_BASE] * 4;

    copy_phys_from_window(env, phys, 0, 16);
}
     86
/*
 * Move the register window to an absolute position: flush the visible
 * registers to the physical file, store the bounded position in WINDOW_BASE,
 * then reload the visible registers from the new location.
 *
 * position is masked with windowbase_bound() before it is stored, which is
 * what keeps the index derived from WINDOW_BASE inside the physical file.
 */
static void xtensa_rotate_window_abs(CPUXtensaState *env, uint32_t position)
{
    uint32_t base = windowbase_bound(position, env);

    /* Flush first: the write-back must use the old WINDOW_BASE. */
    xtensa_sync_phys_from_window(env);
    env->sregs[WINDOW_BASE] = base;
    xtensa_sync_window_from_phys(env);
}
     93
/*
 * Rotate the register window by delta positions relative to the current
 * WINDOW_BASE. delta is unsigned, so callers pass a negated count to rotate
 * backwards; the sum is bounded in xtensa_rotate_window_abs().
 */
void xtensa_rotate_window(CPUXtensaState *env, uint32_t delta)
{
    uint32_t target = env->sregs[WINDOW_BASE] + delta;

    xtensa_rotate_window_abs(env, target);
}
     98
/*
 * Apply the pending window position recorded in env->windowbase_next
 * (set by HELPER(entry) in this file) by rotating the window to it.
 */
void HELPER(sync_windowbase)(CPUXtensaState *env)
{
    uint32_t pending = env->windowbase_next;

    xtensa_rotate_window_abs(env, pending);
}
    103
/*
 * Helper for the entry operation: store (regs[s] - imm) into the register
 * that will be visible as the (s & 3) slot after the window moves by
 * PS.CALLINC, record the new window position in env->windowbase_next and
 * mark it in WINDOW_START. The window itself is not rotated here.
 *
 * pc is unused. s indexes env->regs without a range check in this function;
 * presumably it is a decoder-provided register number -- verify against the
 * caller.
 */
void HELPER(entry)(CPUXtensaState *env, uint32_t pc, uint32_t s, uint32_t imm)
{
    int callinc = (env->sregs[PS] & PS_CALLINC) >> PS_CALLINC_SHIFT;
    uint32_t dst = (callinc << 2) | (s & 3);

    env->regs[dst] = env->regs[s] - imm;
    env->windowbase_next = env->sregs[WINDOW_BASE] + callinc;
    env->sregs[WINDOW_START] = env->sregs[WINDOW_START] |
        windowstart_bit(env->windowbase_next, env);
}
    112
/*
 * Raise the window-overflow exception for the nearest occupied frame ahead
 * of the current window.
 *
 * n is the distance (in window positions) from WINDOW_BASE to the first set
 * WINDOW_START bit ahead of it; the caller-supplied w must be at least n
 * (asserted). The window is rotated forward by n, the old window base is
 * saved in PS.OWB with PS.EXCM set, pc is stored in env->pc and EPC1, and
 * the overflow exception is chosen from the distance to the next set bit
 * after that frame (0 -> OVERFLOW4, 1 -> OVERFLOW8, otherwise OVERFLOW12).
 *
 * NOTE(review): the shift count uses the raw WINDOW_BASE value, not the
 * bounded one, so it relies on WINDOW_BASE already being in range when
 * stored; both that and the assert depend on state the guest can write.
 */
void HELPER(window_check)(CPUXtensaState *env, uint32_t pc, uint32_t w)
{
    uint32_t old_base = windowbase_bound(env->sregs[WINDOW_BASE], env);
    uint32_t ahead = xtensa_replicate_windowstart(env) >>
        (env->sregs[WINDOW_BASE] + 1);
    uint32_t n = ctz32(ahead) + 1;
    uint32_t ps;
    int gap;

    assert(n <= w);

    xtensa_rotate_window(env, n);

    /* Save the pre-rotation base in PS.OWB and enter exception mode. */
    ps = env->sregs[PS] & ~PS_OWB;
    ps |= old_base << PS_OWB_SHIFT;
    ps |= PS_EXCM;
    env->sregs[PS] = ps;
    env->sregs[EPC1] = env->pc = pc;

    gap = ctz32(ahead >> n);
    if (gap == 0) {
        HELPER(exception)(env, EXC_WINDOW_OVERFLOW4);
    } else if (gap == 1) {
        HELPER(exception)(env, EXC_WINDOW_OVERFLOW8);
    } else {
        HELPER(exception)(env, EXC_WINDOW_OVERFLOW12);
    }
}
    139
/*
 * Validate a retw before it executes. n is the call size taken from the top
 * two bits of a0 (env->regs[0]); m is the distance (1..3) back to the
 * nearest set WINDOW_START bit behind the current window, or 0 if none of
 * the three is set. The instruction is rejected when n is 0 or when a
 * caller frame exists at a distance different from n: the condition is
 * logged as a guest error and an illegal-instruction exception cause is
 * raised.
 */
void HELPER(test_ill_retw)(CPUXtensaState *env, uint32_t pc)
{
    int n = (env->regs[0] >> 30) & 0x3;
    int m = 0;
    uint32_t windowbase = windowbase_bound(env->sregs[WINDOW_BASE], env);
    uint32_t windowstart = env->sregs[WINDOW_START];
    int back;

    /* Nearest caller frame wins: stop at the first set bit. */
    for (back = 1; back <= 3; back++) {
        if (windowstart & windowstart_bit(windowbase - back, env)) {
            m = back;
            break;
        }
    }

    if (n != 0 && (m == 0 || m == n)) {
        return;
    }

    qemu_log_mask(LOG_GUEST_ERROR, "Illegal retw instruction(pc = %08x), "
                  "PS = %08x, m = %d, n = %d\n",
                  pc, env->sregs[PS], m, n);
    HELPER(exception_cause)(env, pc, ILLEGAL_INSTRUCTION_CAUSE);
}
    162
/*
 * Check whether the frame a retw would return to is still live. n is the
 * call size from the top two bits of a0 (env->regs[0]). If the WINDOW_START
 * bit for (WINDOW_BASE - n) is set, nothing happens. Otherwise the window is
 * rotated back by n, the previous base is saved in PS.OWB with PS.EXCM set,
 * pc is stored in env->pc and EPC1, and the underflow exception matching n
 * (1 -> UNDERFLOW4, 2 -> UNDERFLOW8, 3 -> UNDERFLOW12) is raised.
 */
void HELPER(test_underflow_retw)(CPUXtensaState *env, uint32_t pc)
{
    int n = (env->regs[0] >> 30) & 0x3;
    uint32_t windowbase;

    if (env->sregs[WINDOW_START] &
        windowstart_bit(env->sregs[WINDOW_BASE] - n, env)) {
        return;
    }

    windowbase = windowbase_bound(env->sregs[WINDOW_BASE], env);

    xtensa_rotate_window(env, -n);
    /* window underflow */
    env->sregs[PS] = (env->sregs[PS] & ~PS_OWB) |
        (windowbase << PS_OWB_SHIFT) | PS_EXCM;
    env->sregs[EPC1] = env->pc = pc;

    switch (n) {
    case 1:
        HELPER(exception)(env, EXC_WINDOW_UNDERFLOW4);
        break;
    case 2:
        HELPER(exception)(env, EXC_WINDOW_UNDERFLOW8);
        break;
    case 3:
        HELPER(exception)(env, EXC_WINDOW_UNDERFLOW12);
        break;
    default:
        /* n == 0: state was updated above but no exception is raised. */
        break;
    }
}
    186
/*
 * Rotate the window back by the call size encoded in the top two bits of
 * a0. The negated count is passed as an unsigned delta and wraps; the
 * result is bounded when WINDOW_BASE is stored.
 */
void HELPER(retw)(CPUXtensaState *env, uint32_t a0)
{
    int callsize = (a0 >> 30) & 0x3;
    int delta = -callsize;

    xtensa_rotate_window(env, delta);
}
    193
/*
 * Rotate the window back to the position saved in PS.OWB. The extracted
 * value is bounded again in xtensa_rotate_window_abs() before it is stored
 * in WINDOW_BASE.
 */
void xtensa_restore_owb(CPUXtensaState *env)
{
    uint32_t owb = (env->sregs[PS] & PS_OWB) >> PS_OWB_SHIFT;

    xtensa_rotate_window_abs(env, owb);
}
    198
/* Helper entry point that forwards to xtensa_restore_owb(). */
void HELPER(restore_owb)(CPUXtensaState *env)
{
    CPUXtensaState *cpu_env = env;

    xtensa_restore_owb(cpu_env);
}
    203
/*
 * Check before a movsp: if none of the three WINDOW_START bits behind the
 * current window (WINDOW_BASE - 1, - 2, - 3) is set, raise an exception
 * cause of ALLOCA_CAUSE at pc. Otherwise do nothing.
 */
void HELPER(movsp)(CPUXtensaState *env, uint32_t pc)
{
    unsigned callers = windowstart_bit(env->sregs[WINDOW_BASE] - 3, env) |
                       windowstart_bit(env->sregs[WINDOW_BASE] - 2, env) |
                       windowstart_bit(env->sregs[WINDOW_BASE] - 1, env);

    if (env->sregs[WINDOW_START] & callers) {
        return;
    }

    HELPER(exception_cause)(env, pc, ALLOCA_CAUSE);
}
    212}