#define PrintDebug(fmt, args...)
#endif
-/* TODO LIST:
- * - save/restore register state on XBEGIN/XABORT
- * - put status codes in RAX
- * - Implement proper exceptions for failed XBEGINS etc.
- */
/* this includes a mov to rax */
static const char * vmmcall_bytes = "\x48\xc7\xc0\x37\x13\x00\x00\x0f\x01\xd9";
/* this will attempt to abort all the remote cores */
if (tm_handle_decode_fail(core) == -1) {
TM_ERR(core,Error,"Could not handle failed decode\n");
- return -1;
+ return ERR_STORE_FAIL;
}
/* we need to trigger a local abort */
return ERR_TRANS_FAULT_FAIL;
} else if (sto == ERR_STORE_MUST_ABORT) {
TM_DBG(core,EXIT,"aborting for some reason\n");
- v3_handle_trans_abort(core);
+ v3_handle_trans_abort(core, TM_ABORT_UNSPECIFIED, 0);
return TRANS_FAULT_OK;
}
} else if (sto == ERR_STORE_MUST_ABORT) {
TM_ERR(core,IFETCH,"decode failed, going out of single stepping\n");
- v3_handle_trans_abort(core);
+ v3_handle_trans_abort(core, TM_ABORT_UNSPECIFIED, 0);
return TRANS_FAULT_OK;
}
TM_DBG(core,EXIT,"we are in ABORT, call the abort handler\n");
tm->TM_ABORT = 0;
- v3_handle_trans_abort(core);
+ v3_handle_trans_abort(core, TM_ABORT_UNSPECIFIED, 0);
TM_DBG(core,EXIT,"RIP after abort: %p\n", ((void*)(core->rip)));
} else if (conflict == CHECK_IS_CONFLICT) {
TM_DBG(core,EXIT,"we have a conflict, aborting\n");
- v3_handle_trans_abort(core);
+ v3_handle_trans_abort(core, TM_ABORT_CONFLICT, 0);
return CHECK_MUST_ABORT;
}
}
+static void
+tm_set_abort_status (struct guest_info * core,
+ tm_abrt_cause_t cause,
+ uint8_t xabort_reason)
+{
+ core->vm_regs.rax = 0;
+
+ switch (cause) {
+ case TM_ABORT_XABORT:
+ // we put the xabort immediate in eax 31:24
+ // cause is zero
+ core->vm_regs.rax |= (xabort_reason << 24);
+ break;
+ case TM_ABORT_CONFLICT:
+ // if this was a conflict from another core, it may work
+ // if we try again
+ core->vm_regs.rax |= (1 << ABORT_CONFLICT) | (1 << ABORT_RETRY);
+ break;
+ case TM_ABORT_INTERNAL:
+ case TM_ABORT_BKPT:
+ core->vm_regs.rax |= (1 << cause);
+ break;
+ case TM_ABORT_UNSPECIFIED:
+ // just return 0 in EAX
+ break;
+ default:
+ TM_ERR(core, ABORT, "invalid abort cause\n");
+ break;
+ }
+}
+
+
+// xabort_reason is only used for XABORT instruction
int
-v3_handle_trans_abort (struct guest_info * core)
+v3_handle_trans_abort (struct guest_info * core,
+ tm_abrt_cause_t cause,
+ uint8_t xabort_reason)
{
struct v3_trans_mem * tm = (struct v3_trans_mem *)v3_get_ext_core_state(core, "trans_mem");
v3_tm_inc_tnum(tm);
}
-
+ tm_set_abort_status(core, cause, xabort_reason);
+
// time to garbage collect
if (tm_hash_gc(tm) == -1) {
TM_ERR(core,GC,"could not gc!\n");
tm_collect_context (struct v3_trans_mem * tm,
struct hashtable_iter * ctxt_iter,
struct hash_chain * curr,
- uint64_t * begin_time,
- uint64_t * end_time,
addr_t gva)
{
uint64_t i;
for (i = 0; i < tm->ginfo->vm_info->num_cores; i++) {
- void * buf[3];
+ struct v3_ctxt_tuple tup;
struct v3_tm_access_type * type;
addr_t key;
- rdtscll(*end_time);
- if ((*end_time - *begin_time) > 100000000) {
- TM_ERR(tm->ginfo,GC,"time threshhold exceeded, exiting!!!\n");
- return -1;
- }
-
- buf[0] = (void *)gva;
- buf[1] = (void *)i;
- buf[2] = (void *)curr->curr_lt[i];
+ tup.gva = (void *)gva;
+ tup.core_id = (void *)i;
+ tup.core_lt = (void *)curr->curr_lt[i];
- key = v3_hash_buffer((uchar_t*)buf, sizeof(void*)*3);
+ key = v3_hash_buffer((uchar_t*)&tup, sizeof(struct v3_ctxt_tuple));
type = (struct v3_tm_access_type *)v3_htable_search(tm->access_type, key);
tm_collect_all_contexts (struct v3_trans_mem * tm,
struct hashtable_iter * ctxt_iter,
uint64_t tmoff,
- uint64_t * lt_copy,
- uint64_t * begin_time,
- uint64_t * end_time)
+ uint64_t * lt_copy)
{
struct hash_chain * tmp;
struct hash_chain * curr;
TM_DBG(tm->ginfo,GC,"garbage collecting entries for address %llx\n", (uint64_t)gva);
/* found one, delete corresponding entries in access_type */
- if (tm_collect_context(tm, ctxt_iter, curr, begin_time, end_time, gva) == -1) {
+ if (tm_collect_context(tm, ctxt_iter, curr, gva) == -1) {
TM_ERR(tm->ginfo,GC,"ERROR collecting context\n");
return -1;
}
{
addr_t irqstate, irqstate2;
int rc = 0;
- uint64_t begin_time, end_time, tmoff;
+ uint64_t tmoff;
uint64_t * lt_copy;
struct v3_tm_state * tms = NULL;
struct hashtable_iter * ctxt_iter = NULL;
memset(lt_copy, 0, sizeof(uint64_t)*(tm->ginfo->vm_info->num_cores));
- rdtscll(begin_time);
-
/* lt_copy holds the last transaction number for each core */
irqstate = v3_lock_irqsave(tm_global_state->lock);
memcpy(lt_copy, tm_global_state->last_trans, sizeof(uint64_t)*(tm->ginfo->vm_info->num_cores));
/* we check each address stored in the hash */
while (ctxt_iter->entry) {
/* NOTE: this call advances the hash iterator */
- if (tm_collect_all_contexts(tm, ctxt_iter, tmoff, lt_copy, &begin_time, &end_time) == -1) {
+ if (tm_collect_all_contexts(tm, ctxt_iter, tmoff, lt_copy) == -1) {
rc = -1;
goto out1;
}
v3_unlock_irqrestore(tm->access_type_lock, irqstate);
v3_unlock_irqrestore(tm->addr_ctxt_lock, irqstate2);
- rdtscll(end_time);
-
if (rc == -1) {
- TM_ERR(tm->ginfo,GC,"garbage collection failed, time spent: %d cycles\n", (int)(end_time - begin_time));
+ TM_ERR(tm->ginfo,GC,"garbage collection failed\n");
} else {
- TM_DBG(tm->ginfo,GC,"ended garbage collection succesfuly, time spent: %d cycles\n", (int)(end_time - begin_time));
+ TM_DBG(tm->ginfo,GC,"ended garbage collection succesfuly\n");
}
TM_DBG(tm->ginfo,GC,"\t %d entries in addr_ctxt (post)\n", (int)v3_htable_count(tm->addr_ctxt));
}
+static void
+tm_prepare_cpuid (struct v3_vm_info * vm)
+{
+
+ V3_Print(vm, VCORE_NONE, "TM INIT | enabling RTM cap in CPUID\n");
+
+ /* increase max CPUID function to 7 (extended feature flags enumeration) */
+ v3_cpuid_add_fields(vm,0x0,
+ 0xf, 0x7,
+ 0, 0,
+ 0, 0,
+ 0, 0);
+
+
+ /* do the same for AMD */
+ v3_cpuid_add_fields(vm,0x80000000,
+ 0xffffffff, 0x80000007,
+ 0, 0,
+ 0, 0,
+ 0, 0);
+
+
+ /* enable RTM (CPUID.07H.EBX.RTM = 1) */
+ v3_cpuid_add_fields(vm, 0x07, 0, 0, (1<<11), 0, 0, 0, 0, 0);
+ v3_cpuid_add_fields(vm, 0x80000007, 0, 0, (1<<11), 0, 0, 0, 0, 0);
+}
+
+
static int
init_trans_mem (struct v3_vm_info * vm,
v3_cfg_tree_t * cfg,
*priv_data = tms;
tm_global_state = tms;
+ tm_prepare_cpuid(vm);
+
return 0;
out_err1:
v3_lock_deinit(&(tm->addr_ctxt_lock));
v3_lock_deinit(&(tm->access_type_lock));
- if (tm) {
- V3_Free(tm);
- }
+ V3_Free(tm);
return 0;
}
tm_handle_xend (struct guest_info * core,
struct v3_trans_mem * tm)
{
- rdtscll(tm->exit_time);
- // Error checking! make sure that we have gotten here in a legitimate manner
+ /* XEND should raise a GPF when RTM mode is not on */
if (tm->TM_MODE != TM_ON) {
TM_ERR(core, UD, "Encountered XEND while not in a transactional region\n");
- v3_free_staging_page(tm);
- v3_clr_vtlb(core);
- v3_clear_tm_lists(tm);
- v3_raise_exception(core, UD_EXCEPTION);
+
+ v3_raise_exception(core, GPF_EXCEPTION);
return 0;
+
}
/* Our transaction finished! */
*/
static int
tm_handle_xabort (struct guest_info * core,
- struct v3_trans_mem * tm)
+ struct v3_trans_mem * tm,
+ uchar_t * instr)
{
- /* TODO: this probably needs to move somewhere else */
- rdtscll(tm->exit_time);
+ uint8_t reason;
+
+ // we must reflect the immediate back into EAX 31:24
+ reason = *(uint8_t*)(instr+2);
// Error checking! make sure that we have gotten here in a legitimate manner
if (tm->TM_MODE != TM_ON) {
}
// Handle the exit
- v3_handle_trans_abort(core);
+ v3_handle_trans_abort(core, TM_ABORT_XABORT, reason);
return 0;
}
uchar_t * instr)
{
sint32_t rel_addr = 0;
+ uint8_t out_of_bounds = 0;
+ uint8_t in_compat_no_long = 0;
if (tm->TM_MODE == TM_ON) {
- TM_ERR(core,UD,"We got here while already in a transactional region!");
+ /* TODO: this is actually an indication of nesting, we'll fix this later */
+ TM_ERR(core,UD,"We don't support nested transactions yet!\n");
v3_raise_exception(core, UD_EXCEPTION);
+ return -1;
}
- rdtscll(tm->entry_time);
- tm->entry_exits = core->num_exits;
+ // Save the fail_call address (first 2 bytes = opcode, last 4 = fail call addr)
+ rel_addr = *(sint32_t*)(instr+2);
+
+ /* raise a GPF if we're trying to set a fail call outside of code segment */
+ in_compat_no_long = (core->cpu_mode == LONG_32_COMPAT) || ((struct efer_64*)&(core->ctrl_regs.efer))->lma == 0;
+ out_of_bounds = (core->rip + rel_addr > core->segments.cs.base + core->segments.cs.limit ||
+ core->rip + rel_addr < core->segments.cs.base);
+
+ if (in_compat_no_long && out_of_bounds) {
+ v3_raise_exception(core, GPF_EXCEPTION);
+ return 0;
+ }
+
+ /* TODO: also raise GPF if we're in long mode and failcall isn't canonical */
+
/* set the tm_mode for this core */
v3_set_tm(tm);
TM_DBG(core,UD,"Set the system in TM Mode, save fallback address");
- // Save the fail_call address (first 2 bytes = opcode, last 4 = fail call addr)
- rel_addr = *(sint32_t*)(instr+2);
+
tm->fail_call = core->rip + XBEGIN_INSTR_LEN + rel_addr;
TM_DBG(core,UD,"we set fail_call to %llx, rip is %llx, rel_addr is %x", (uint64_t)tm->fail_call,(uint64_t)core->rip,rel_addr);
tm_handle_xtest (struct guest_info * core,
struct v3_trans_mem * tm)
{
+ struct rflags * rf = (struct rflags*)&(core->ctrl_regs.rflags);
+
// if we are in tm mode, set zf to 0, otherwise 1
if (tm->TM_MODE == TM_ON) {
- core->ctrl_regs.rflags &= ~(1ULL << 6);
+ rf->zf = 0;
} else {
- core->ctrl_regs.rflags |= (1ULL << 6);
+ rf->zf = 1;
}
+ rf->cf = 0;
+ rf->of = 0;
+ rf->sf = 0;
+ rf->pf = 0;
+ rf->af = 0;
+
core->rip += XTEST_INSTR_LEN;
return 0;
TM_DBG(core, UD, "Encountered Haswell-specific XABORT %x %x %d at %llx\n", byte1, byte2, byte3, (uint64_t)core->rip);
- if (tm_handle_xabort(core, tm) == -1) {
+ if (tm_handle_xabort(core, tm, instr) == -1) {
TM_ERR(core, UD, "Problem handling XABORT\n");
return -1;
}
}
else {
TM_DBG(info,EXCP,"aborting due to DE exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP1:
}
else {
TM_DBG(info,EXCP,"aborting due to DB exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP3:
}
else {
TM_DBG(info,EXCP,"aborting due to BP exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP4:
}
else {
TM_DBG(info,EXCP,"aborting due to OF exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP5:
}
else {
TM_DBG(info,EXCP,"aborting due to BR exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP7:
}
else {
TM_DBG(info,EXCP,"aborting due to NM exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP10:
}
else {
TM_DBG(info,EXCP,"aborting due to TS exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP11:
}
else {
TM_DBG(info,EXCP,"aborting due to NP exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP12:
}
else {
TM_DBG(info,EXCP,"aborting due to SS exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP13:
}
else {
TM_DBG(info,EXCP,"aborting due to GPF exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP16:
}
else {
TM_DBG(info,EXCP,"aborting due to MF exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP17:
}
else {
TM_DBG(info,EXCP,"aborting due to AC exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
case SVM_EXIT_EXCP19:
}
else {
TM_DBG(info,EXCP,"aborting due to XF exception\n");
- v3_handle_trans_abort(info);
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
}
break;
if (!tm) {
TM_ERR(info,INTR,"TM extension state not found\n");
- v3_stgi();
return;
}
- /* TODO: work this in */
- if (0 && (tm->TM_MODE == TM_ON) &&
- (tm->TM_ABORT != 1)) {
+ if ((tm->TM_MODE == TM_ON) &&
+ (tm->TM_ABORT != 1)) {
if (guest_ctrl->guest_ctrl.V_IRQ ||
guest_ctrl->EVENTINJ.valid) {
- rdtscll(tm->exit_time);
- TM_DBG(info,INTR,"%lld exits happened, time delta is %lld",(info->num_exits - tm->entry_exits),(tm->entry_time - tm->exit_time));
-
// We do indeed have pending interrupts
v3_stgi();
- TM_DBG(info,INTR,"we have a pending interrupt!\n");
- v3_handle_trans_abort(info);
+ TM_DBG(info,INTR,"we have a pending interrupt\n");
+
+ v3_handle_trans_abort(info, TM_ABORT_UNSPECIFIED, 0);
+
// Copy new RIP state into arch dependent structure
guest_state->rip = info->rip;
- TM_DBG(info,INTR,"currently guest state rip is %llx\n",(uint64_t)guest_state->rip);
+
+ //TM_DBG(info,INTR,"currently guest state rip is %llx\n",(uint64_t)guest_state->rip);
v3_clgi();
}
return 0;
}
+
