; Copyright (c) 2014-2017, Intel Corporation
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions are met:
;
; * Redistributions of source code must retain the above copyright notice,
; this list of conditions and the following disclaimer.
; * Redistributions in binary form must reproduce the above copyright notice,
; this list of conditions and the following disclaimer in the documentation
; and/or other materials provided with the distribution.
; * Neither the name of Intel Corporation nor the names of its contributors
; may be used to endorse or promote products derived from this software
; without specific prior written permission.
;
; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
; ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
; LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
; POSSIBILITY OF SUCH DAMAGE.
; BDM64: An Incorrect LBR or Intel(R) Processor Trace Packet May Be
; Recorded Following a Transactional Abort.
;
; Use of Intel(R) Transactional Synchronization Extensions (Intel(R) TSX)
; may result in a transactional abort. If an abort occurs immediately
; following a branch instruction, an incorrect branch target may be
; logged in an LBR (Last Branch Record) or in an Intel(R) Processor Trace
; (Intel(R) PT) packet before the LBR or Intel PT packet produced by the
; abort.
;
; cpu 6/61
; cpu 6/71
; cpu 6/79
; cpu 6/86
;
; Variant: conditional branch followed by another conditional branch to
; tell us that we're on the wrong track.
;
; Origin of the assembled code; the addresses of labels l1..l9 are computed
; from it.
org 0x100000
; Assemble 64-bit code, matching the mode.exec(64bit) packet (p2) below.
bits 64
; @pt p1: psb()
; @pt p2: mode.exec(64bit)
; @pt p3: mode.tsx(begin)
; @pt p4: fup(3: %l1)
; @pt p5: psbend()
; l1: first traced instruction. Packets p3 and p4 above place the start of
; the trace here, inside a transaction. TEST only sets the flags that the
; JE at l2 consumes.
l1: test [rax], rbx
; l2: first conditional branch. Its outcome is the single TNT bit in p6,
; which reports not-taken; the abort FUP (p8) nevertheless names l5, the
; taken target of this branch.
l2: je l5
; @pt p6: tnt(n)
;
; The branch destination is bad.
;
; There is no way for us to know this as long as we can reach the bad
; branch destination without further Intel PT support.
;
; If we cannot reach it, however, we know that the branch was bad.
;
; l3: fall-through of the JE at l2, i.e. where the not-taken bit in p6
; sends a decoder.
l3: nop
; l4: second conditional branch (the "variant" named in the file header).
; p6 carries one TNT bit only, so a decoder arriving here finds the abort
; packets (p7..p9) where it needs a branch outcome and can conclude that
; the recorded not-taken was wrong. The ptxed expectation at the end of
; this file lists neither l3 nor l4.
l4: je l9
; l5: taken target of the JE at l2 and the source address of the abort
; (FUP p8 below).
l5: hlt
; l6: second HLT; no packet or expectation in this file refers to l6.
l6: hlt
; We immediately take an xabort from there
;
; @pt p7: mode.tsx(abort)
; @pt p8: fup(1: %l5)
; @pt p9: tip(1: %l7)
; l7: target of the TIP in p9, i.e. where execution continues after the
; abort. It is the only instruction the ptxed expectation lists after
; [aborted].
l7: nop
; @pt p10: fup(1: %l8)
; @pt p11: tip.pgd(0: %l9)
; l8: address in the FUP p10 that precedes the tip.pgd packet p11. The
; ptxed expectation shows [disabled] right after l7, without listing l8.
l8: nop
; l9: target of the JE at l4; also the label given in the tip.pgd
; directive p11.
l9: hlt
; @pt .exp(ptdump)
;%0p1 psb
;%0p2 mode.exec cs.l
;%0p3 mode.tsx intx
;%0p4 fup 3: %0l1
;%0p5 psbend
;%0p6 tnt.8 .
;%0p7 mode.tsx abrt
;%0p8 fup 1: %?l5.2
;%0p9 tip 1: %?l7.2
;%0p10 fup 1: %?l8.2
;%0p11 tip.pgd 0: %?l9.0
; @pt .exp(ptxed)
;? %0l1 # test [rax], rbx
;? %0l2 # je l5
;[interrupt]
;[aborted]
;%0l7 # nop
;[disabled]