Mips64 support for syscalls2 and OSI_linux

Dockerfile

@@ -1,7 +1,7 @@
 ARG BASE_IMAGE="ubuntu:20.04"
 # Note PANDA supports ubuntu:22.04, but docker versions <= 20.10.7 can't run 22.04 containers
 
-ARG TARGET_LIST="x86_64-softmmu,i386-softmmu,arm-softmmu,ppc-softmmu,mips-softmmu,mipsel-softmmu,aarch64-softmmu"
+ARG TARGET_LIST="x86_64-softmmu,i386-softmmu,arm-softmmu,aarch64-softmmu,ppc-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu"
 
 ### BASE IMAGE
 FROM $BASE_IMAGE as base
@@ -64,7 +64,7 @@ RUN git -C /panda submodule update --init dtc && \
         --prefix=/usr/local \
         --disable-numa \
         --enable-llvm && \
-    make -C /panda/build -j "$(nproc)"
+    (make -C /panda/build -j "$(nproc)" || make) # If multi-core make fails, remake once to give a good error at the end
 
 #### Develop setup: panda built + pypanda installed (in develop mode) - Stage 3
 FROM builder as developer

panda/plugins/asidstory/asidstory.cpp

@@ -772,10 +772,7 @@ bool init_plugin(void *self) {
     pcb.before_block_exec = asidstory_before_block_exec;
     panda_register_callback(self, PANDA_CB_BEFORE_BLOCK_EXEC, pcb);
 
-#if defined(TARGET_MIPS64)
-    fprintf(stderr, "[ERROR] asidstory: MIPS64 unsupported!\n");
-    return false;
-#elif defined(TARGET_PPC)
+#if defined(TARGET_PPC)
         fprintf(stderr, "[ERROR] asidstory: PPC architecture is not supported by syscalls2!\n");
         return false;
 #else

panda/plugins/dynamic_symbols/process_infopoints.cpp

@@ -61,11 +61,7 @@ void sys_mmap2_return()
     enable_analysis(ANALYSIS_SPECIFIC);
 }
 
-#ifdef TARGET_MIPS64
-void sys_mprotect_return(CPUState *cpu, target_ulong pc, uint32_t arg0, uint32_t arg1, uint32_t arg2)
-#else
 void sys_mprotect_return(CPUState *cpu, target_ulong pc, target_ulong arg0, uint32_t arg1, target_ulong arg2)
-#endif
 {
     enable_analysis(ANALYSIS_SPECIFIC);
 }
@@ -132,7 +128,8 @@ bool initialize_process_infopoints(void* self){
         PPP_REG_CB("syscalls2", on_sys_old_mmap_return, sys_old_mmap_return);
     #elif defined(TARGET_ARM)
         PPP_REG_CB("syscalls2", on_do_mmap2_return, sys_mmap_return);
-    #elif defined(TARGET_MIPS)
+    #elif defined(TARGET_MIPS) && !defined(TARGET_MIPS64)
+        // XXX No mips64 support since we don't have these syscalls
         PPP_REG_CB("syscalls2", on_sys_mmap_return, sys_mmap_return);
         PPP_REG_CB("syscalls2", on_mmap2_return, sys_mmap2_return);
     #endif

panda/plugins/hw_proc_id/hw_proc_id.cpp

@@ -26,36 +26,44 @@ void uninit_plugin(void *);
 #include "hw_proc_id_int_fns.h"
 }
 
+#ifdef TARGET_MIPS64
+uint64_t KERNEL_STACK_SIZE = 8192;  //8KB
+uint64_t STACK_MASK = ~(KERNEL_STACK_SIZE - 1);
+#else
+uint64_t STACK_MASK = (target_ptr_t)-1;
+#endif
 
-#ifdef TARGET_MIPS
+#if defined(TARGET_MIPS)
 target_ulong last_r28 = 0;
 bool initialized = false;
 
 /**
- * @brief Cache the last R28 observed while in kernel for MIPS
- * 
- * On MIPS in kernel mode r28 a pointer to the location of the current
- * task_struct. We need to cache this value for use in usermode. 
+ * @brief Cache the last R28 observed while in kernel for MIPS/MIPS64
+ *
+ * On MIPS/MIPS64 in kernel mode, r28 points to the location of the current
+ * task_struct. We need to cache this value for use in usermode.
  */
-inline void check_cache_r28(CPUState *cpu){
-  if (panda_in_kernel(cpu) && unlikely(((CPUMIPSState*)cpu->env_ptr)->active_tc.gpr[28] != last_r28)) {
-      target_ulong potential = ((CPUMIPSState*)cpu->env_ptr)->active_tc.gpr[28];
-      // XXX: af: While in kernel mode, r28 may be used to contain non-pointer 
-      // values
-      // make sure we don't cache one of those so we check if r28 contains 
-      // a pointer to kernel memory
-        if (likely(address_in_kernel_code_linux(potential))) {
-            last_r28 = potential;
-            initialized = true;
-        }
+inline void check_cache_r28(CPUState *cpu) {
+  CPUMIPSState *mips_env = (CPUMIPSState *)cpu->env_ptr;
+  target_ulong r28_value = mips_env->active_tc.gpr[28] & STACK_MASK;
+  if (panda_in_kernel(cpu) && unlikely(r28_value != last_r28)) {
+    // XXX: af: While in kernel mode, r28 may be used to contain non-pointer
+    // values
+    // Make sure we don't cache one of those, so we check if r28 contains
+    // a pointer to kernel memory
+    if (likely(address_in_kernel_code_linux(r28_value))) {
+      last_r28 = r28_value;
+      initialized = true;
+    }
   }
 }
 
 void r28_cache(CPUState *cpu, TranslationBlock *tb) {
-  check_cache_r28(cpu);
+    check_cache_r28(cpu);
 }
 #endif
 
+
 /**
  * @brief Returns true if all prerequisite values to determine hwid cached.
  * 

panda/plugins/osi_linux/default_profile.cpp

@@ -29,7 +29,7 @@ target_ptr_t default_get_current_task_struct(CPUState *cpu)
             //via the thread_info struct, the default call to struct_get with the per_cpu_offset_0_addr can be incorrect
             err = struct_get(cpu, &ts, current_task_addr, 0);
             assert(err == struct_get_ret_t::SUCCESS && "failed to get current task struct");
-            fixupendian(ts);
+            fixupendian2(ts);
             return ts;
         } else {
             assert(false && "cannot use kernel version older than 3.7");
@@ -49,7 +49,7 @@ target_ptr_t default_get_current_task_struct(CPUState *cpu)
         //via the thread_info struct, the default call to struct_get with the per_cpu_offset_0_addr can be incorrect
         err = struct_get(cpu, &ts, current_task_addr, 0);
         assert(err == struct_get_ret_t::SUCCESS && "failed to get current task struct");
-        fixupendian(ts);
+        fixupendian2(ts);
         return ts;
 
     }
@@ -58,6 +58,7 @@ target_ptr_t default_get_current_task_struct(CPUState *cpu)
     // userspace clobbers it but kernel restores (somewhow?)
     // First field of struct is task - no offset needed
     current_task_addr = get_id(cpu); // HWID returned by hw_proc_id is the cached r28 value
+    OG_printf("Got current task struct at " TARGET_FMT_lx "\n", current_task_addr);
 
 #else // x86/64
     current_task_addr = ki.task.current_task_addr;
@@ -66,9 +67,10 @@ target_ptr_t default_get_current_task_struct(CPUState *cpu)
     //assert(err == struct_get_ret_t::SUCCESS && "failed to get current task struct");
     if (err != struct_get_ret_t::SUCCESS) {
       // Callers need to check if we return NULL!
+      OG_printf("Failed to read current task struct from task_addr with offset " TARGET_FMT_lx "\n", ki.task.per_cpu_offset_0_addr);
       return 0;
     }
-    fixupendian(ts);
+    fixupendian2(ts);
     return ts;
 }
 
@@ -80,7 +82,7 @@ target_ptr_t default_get_task_struct_next(CPUState *cpu, target_ptr_t task_struc
     struct_get_ret_t err;
     target_ptr_t tasks;
     err = struct_get(cpu, &tasks, task_struct, ki.task.tasks_offset);
-    fixupendian(tasks);
+    fixupendian2(tasks);
     assert(err == struct_get_ret_t::SUCCESS && "failed to get next task");
     return tasks-ki.task.tasks_offset;
 }
@@ -92,8 +94,9 @@ target_ptr_t default_get_group_leader(CPUState *cpu, target_ptr_t ts)
 {
     struct_get_ret_t err;
     target_ptr_t group_leader;
+    OG_printf("Getting group leader from task_struct at " TARGET_FMT_lx " with offset %x\n", ts, ki.task.group_leader_offset);
     err = struct_get(cpu, &group_leader, ts, ki.task.group_leader_offset);
-    fixupendian(group_leader);
+    fixupendian2(group_leader);
     assert(err == struct_get_ret_t::SUCCESS && "failed to get group leader for task");
     return group_leader;
 }

panda/plugins/osi_linux/endian_helpers.h

@@ -1,6 +1,15 @@
 // OSI Linux works with a bunch of pointers which we need to
 // flip if the guest/host endianness mismatch.
 //
+#pragma once
+
+static inline void fixupendian_impl(void* px, size_t size) {
+    if (size == 4) {
+        *(uint32_t*)px = bswap32(*(uint32_t*)px);
+    } else if (size == 8) {
+        *(uint64_t*)px = bswap64(*(uint64_t*)px);
+    }
+}
 
 #if defined(TARGET_WORDS_BIGENDIAN) != defined(HOST_WORDS_BIGENDIAN)
 // If guest and host endianness don't match:
@@ -11,11 +20,22 @@
 #define flipbadendian(x)       bswap32((target_ptr_t)x)
 #define flipbadendian64(x)     bswap64((uint64_t)x)
 
+#define fixupendian2(x) fixupendian_impl(&(x), sizeof(x))
+
+#define flipbadendian2(x) _Generic((x), \
+    uint32_t: bswap32((target_ptr_t)x), \
+    target_ptr_t: bswap32((target_ptr_t)x), \
+    uint64_t: bswap64((uint64_t)x) \
+)
+
 
 #else
 #define fixupendian(x)         {}
 #define fixupendian64(x)       {}
 #define flipbadendian(x)       x
 #define flipbadendian64(x)     x
+
+#define fixupendian2(x)         {}
+#define flipbadendian2(x)         {}
 #endif
 

panda/plugins/osi_linux/osi_linux.cpp

@@ -726,12 +726,7 @@ void restore_after_snapshot(CPUState* cpu) {
  */
 bool init_plugin(void *self) {
     // Register callbacks to the PANDA core.
-#if defined(TARGET_MIPS64)
-        printf("No OSI for mips64\n");
-        return false;
-#endif
-
-#if defined(TARGET_I386) || defined(TARGET_ARM) || (defined(TARGET_MIPS) && !defined(TARGET_MIPS64))
+#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_MIPS)
     {
         // Whenever we load a snapshot, we need to find cpu offsets again
         // (particularly if KASLR is enabled) and we also may need to re-initialize
@@ -743,7 +738,7 @@ bool init_plugin(void *self) {
         assert(init_osi_api());
     }
 
-#if defined(TARGET_MIPS)
+#if defined(TARGET_MIPS) // 32 or 64 bit
         panda_require("hw_proc_id");
         assert(init_hw_proc_id_api());
 #endif

panda/plugins/osi_linux/osi_linux.h

@@ -32,6 +32,9 @@
 #include "hw_proc_id/hw_proc_id_ext.h"
 #endif
 
+#define OG_printf(...)
+//#define OG_printf(...) printf(__VA_ARGS__) // Uncomment for debugging
+
 extern struct kernelinfo ki;
 extern struct KernelProfile const *kernel_profile;
 
@@ -81,24 +84,24 @@ struct_get_ret_t struct_get(CPUState *cpu, T *v, target_ptr_t ptr, std::initiali
     while (true) {
         it++;
         if (it == offsets.end()) break;
-        //printf("\tDereferenced 0x%x (offset 0x%lx) to get ", ptr, o);
+        OG_printf("\tDereferenced 0x" TARGET_FMT_lx" (offset 0x" TARGET_FMT_lx ") to get ", ptr, o);
         auto r = struct_get(cpu, &ptr, ptr, o);
         if (r != struct_get_ret_t::SUCCESS) {
-            //printf("ERROR\n");
+            OG_printf("ERROR\n");
             memset((uint8_t *)v, 0, sizeof(T));
             return r;
         }
         o = *it;
         // We just read a pointer so we may need to fix its endianness
         if (sizeof(T) == 4) fixupendian(ptr); // XXX wrong for 64-bit guests
-        //printf("0x%x\n", ptr);
+        OG_printf("0x" TARGET_FMT_lx "\n", ptr);
     }
 
     // last item is read using the size of the type of v
     // this isn't a pointer so there's no need to fix its endianness
     auto ret = struct_get(cpu, v, ptr, o); // deref ptr into v, result in ret
     fixupendian(*v);
-    //printf("Struct_get final 0x%x => 0x%x\n", ptr, *v);
+    OG_printf("Struct_get final 0x" TARGET_FMT_lx " => 0x " TARGET_FMT_lx "\n", ptr, *v);
     return ret;
 }
 #endif
@@ -169,8 +172,6 @@ static inline _retType2 _name(CPUState* env, target_ptr_t _paramName) { \
 #define OG_SUCCESS 0
 #define OG_ERROR_MEMORY -1
 #define OG_ERROR_DEREF -2
-#define OG_printf(...)
-//#define OG_printf(...) printf(__VA_ARGS__)
 
 /**
  * @brief IMPLEMENT_OFFSET_GETN is a macro for generating uniform

panda/plugins/proc_start_linux/proc_start_linux.cpp

@@ -325,10 +325,7 @@ void execveat_cb (CPUState* cpu, target_ptr_t pc, int dfd, target_ptr_t filename
 
 bool init_plugin(void *self) {
     self_ptr = self;
-    #if defined(TARGET_MIPS64)
-        fprintf(stderr, "[ERROR] proc_start_linux: mips64 architecture not supported!\n");
-        return false;
-    #elif defined(TARGET_AARCH64)
+    #if defined(TARGET_AARCH64)
         fprintf(stderr, "[ERROR] proc_start_linux: aarch64 architecture not supported!\n");
         return false;
     #elif defined(TARGET_PPC)
@@ -355,7 +352,7 @@ bool init_plugin(void *self) {
 }
 
 void uninit_plugin(void *self) {
-#if defined(TARGET_PPC) or defined(TARGET_MIPS64)
+#if defined(TARGET_PPC)
 #else
 
     void* syscalls = panda_get_plugin_by_name("syscalls2");