i#7585: Make -hw_cache_consistency usable on AArch64. (#7611)

There should be no change to the behaviour except when
-hw_cache_consistency is specified.

The sandboxing of self-modifying code, a significant piece of work, is
not yet implemented. Therefore, when -hw_cache_consistency is specified,
code that writes to its own page does not work correctly but other code
modifications should work, including modifying code without a cache
maintenance operation (issue #2055).

Issue: #2055, #7585

Author: egrimley-arm

core/arch/aarchxx/mangle.c

@@ -4025,7 +4025,26 @@ mangle_exclusive_monitor_op(dcontext_t *dcontext, instrlist_t *ilist, instr_t *i
     return next_instr;
 }
 
-/* END OF MANGLING ROUTINES
+/* END OF CONTROL-FLOW MANGLING ROUTINES
  *###########################################################################
  *###########################################################################
  */
+
+#ifdef ARCH_SUPPORTS_HW_CACHE_CONSISTENCY
+/* SELF-MODIFYING-CODE SANDBOXING
+ *
+ * When we detect it, we take an exit that targets our own routine
+ * fragment_self_write. Dispatch checks for that target and if it
+ * finds it, it calls that routine, so don't worry about building a bb
+ * for it. Returns false if the bb has invalid instrs or CTIs and
+ * should be rebuilt from scratch.
+ */
+bool
+insert_selfmod_sandbox(dcontext_t *dcontext, instrlist_t *ilist, uint flags,
+                       app_pc start_pc, app_pc end_pc, /* end is open */
+                       bool record_translation, bool for_cache)
+{
+    ASSERT_NOT_IMPLEMENTED(false); /* TODO i#7585 */
+    return true;
+}
+#endif /* ARCH_SUPPORTS_HW_CACHE_CONSISTENCY */

core/arch/arch.h

@@ -749,11 +749,14 @@ mangle_far_direct_jump(dcontext_t *dcontext, instrlist_t *ilist, instr_t *instr,
                        instr_t *next_instr, uint flags);
 void
 set_selfmod_sandbox_offsets(dcontext_t *dcontext);
+#endif /* X86 */
+
+#ifdef ARCH_SUPPORTS_HW_CACHE_CONSISTENCY
 bool
 insert_selfmod_sandbox(dcontext_t *dcontext, instrlist_t *ilist, uint flags,
                        app_pc start_pc, app_pc end_pc, /* end is open */
                        bool record_translation, bool for_cache);
-#endif /* X86 */
+#endif /* ARCH_SUPPORTS_HW_CACHE_CONSISTENCY */
 
 #ifdef ARM
 /* mangle the instruction that reads thread register */

core/arch/arch_exports.h

@@ -1872,4 +1872,9 @@ typedef struct _rseq_entry_state_t {
 #    define DCONTEXT_TLS_TO_ACTUAL_OFFSET(x) x
 #endif
 
+/* See INTERNAL_OPTION(hw_cache_consistency). */
+#if defined(AARCH64) || defined(X86)
+#    define ARCH_SUPPORTS_HW_CACHE_CONSISTENCY
+#endif
+
 #endif /* _ARCH_EXPORTS_H_ */

core/arch/interp.c

@@ -4472,7 +4472,7 @@ expand_should_set_translation(dcontext_t *dcontext)
 static bool
 mangle_bb_ilist(dcontext_t *dcontext, build_bb_t *bb)
 {
-#ifdef X86
+#ifdef ARCH_SUPPORTS_HW_CACHE_CONSISTENCY
     if (TEST(FRAG_SELFMOD_SANDBOXED, bb->flags)) {
         byte *selfmod_start, *selfmod_end;
         /* sandbox requires that bb have no direct cti followings!
@@ -4517,7 +4517,7 @@ mangle_bb_ilist(dcontext_t *dcontext, build_bb_t *bb)
         }
         STATS_INC(num_sandboxed_fragments);
     }
-#endif /* X86 */
+#endif /* ARCH_SUPPORTS_HW_CACHE_CONSISTENCY */
 
     /* We make "before mangling" level 5 b/c there's not much there (just final jmp)
      * beyond "after instrumentation".

core/arch/mangle_shared.c

@@ -1957,7 +1957,8 @@ d_r_mangle(dcontext_t *dcontext, instrlist_t *ilist, uint *flags DR_PARAM_INOUT,
 #endif
 
 #ifdef AARCH64
-        if (instr_is_icache_op(instr) && instr_is_app(instr)) {
+        if (!INTERNAL_OPTION(hw_cache_consistency) && instr_is_icache_op(instr) &&
+            instr_is_app(instr)) {
             next_instr = mangle_icache_op(dcontext, ilist, instr, next_instr,
                                           get_app_instr_xl8(instr) + AARCH64_INSTR_SIZE);
             continue;

core/dispatch.c

@@ -939,7 +939,11 @@ dispatch_enter_dynamorio(dcontext_t *dcontext)
 #endif
 
 #ifdef AARCH64
-        if (dcontext->last_exit == get_selfmod_linkstub()) {
+        if (!INTERNAL_OPTION(hw_cache_consistency) &&
+            dcontext->last_exit == get_selfmod_linkstub()) {
+            /* Software cache consistency: we are handling an ISB
+             * following some IC IVAU instructions.
+             */
             app_pc begin = (app_pc)dcontext->local_state->spill_space.r2;
             app_pc end = (app_pc)dcontext->local_state->spill_space.r3;
             dcontext->next_tag = (app_pc)dcontext->local_state->spill_space.r4;

core/unix/signal.c

@@ -4107,29 +4107,35 @@ transfer_from_sig_handler_to_fcache_return(dcontext_t *dcontext, kernel_ucontext
      */
     sc->SC_XIP = (ptr_uint_t)fcache_return_routine(dcontext);
 #if defined(AARCHXX) || defined(RISCV64)
-    /* We do not have to set dr_reg_stolen in dcontext's mcontext here
-     * because dcontext's mcontext is stale and we used the mcontext
-     * created from recreate_app_state_internal with the original sigcontext.
+    /* If !is_kernel_xfer then we have come here from main_signal_handler
+     * via check_for_modified_code and recreate_app_state_internal was
+     * called with just_pc so the stolen register still points at TLS.
      */
-    /* We restore dr_reg_stolen's app value in recreate_app_state_internal,
-     * so now we need set dr_reg_stolen to hold DR's TLS before sigreturn
-     * from DR's handler.
-     */
-    ASSERT(get_sigcxt_stolen_reg(sc) != (reg_t)*get_dr_tls_base_addr());
-    /* Preserve the translated value. */
-    dcontext->local_state->spill_space.reg_stolen = get_sigcxt_stolen_reg(sc);
-    /* Now put DR's base in the sigcontext. */
-    set_sigcxt_stolen_reg(sc, (reg_t)*get_dr_tls_base_addr());
+    if (is_kernel_xfer) {
+        /* We do not have to set dr_reg_stolen in dcontext's mcontext here
+         * because dcontext's mcontext is stale and we used the mcontext
+         * created from recreate_app_state_internal with the original sigcontext.
+         */
+        /* We restore dr_reg_stolen's app value in recreate_app_state_internal,
+         * so now we need set dr_reg_stolen to hold DR's TLS before sigreturn
+         * from DR's handler.
+         */
+        ASSERT(get_sigcxt_stolen_reg(sc) != (reg_t)*get_dr_tls_base_addr());
+        /* Preserve the translated value. */
+        dcontext->local_state->spill_space.reg_stolen = get_sigcxt_stolen_reg(sc);
+        /* Now put DR's base in the sigcontext. */
+        set_sigcxt_stolen_reg(sc, (reg_t)*get_dr_tls_base_addr());
 #    ifdef RISCV64
-    os_set_app_tls_base(dcontext, TLS_REG_LIB, (void *)get_sigcxt_tp_reg(sc));
-    /* Now put host tp in the sigcontext. */
-    set_sigcxt_tp_reg(sc, (reg_t)read_thread_register(TLS_REG_LIB));
+        os_set_app_tls_base(dcontext, TLS_REG_LIB, (void *)get_sigcxt_tp_reg(sc));
+        /* Now put host tp in the sigcontext. */
+        set_sigcxt_tp_reg(sc, (reg_t)read_thread_register(TLS_REG_LIB));
 #    endif
 
 #    ifdef ARM
-    /* We're going to our fcache_return gencode which uses DEFAULT_ISA_MODE */
-    set_pc_mode_in_cpsr(sc, DEFAULT_ISA_MODE);
+        /* We're going to our fcache_return gencode which uses DEFAULT_ISA_MODE */
+        set_pc_mode_in_cpsr(sc, DEFAULT_ISA_MODE);
 #    endif
+    }
 #endif
 
 #if defined(X64) || defined(ARM)