jannau/gist:eaa1baa11ae615cc74293912d5c6c71c Secret

## gistfile1.txt
diff --git a/proxyclient/hv.py b/proxyclient/hv.py
index 0985002..8355adb 100644
--- a/proxyclient/hv.py
+++ b/proxyclient/hv.py
@@ -586,8 +586,11 @@ class HV:
             ("/arm-io/aic", False),
             ("/arm-io/spi1", False),
             ("/arm-io/pmgr", False),
-            ("/arm-io/gfx-asc", True),
-            ("/arm-io/sgx", True),
+            ("/arm-io/gfx-asc", False),
+            ("/arm-io/sgx", False),
+            ("/arm-io/pmp", False),
+            ("/arm-io/usb-drd1", True),
+            ("/arm-io/atc-phy1", True),
         ):
             node = self.adt[path]
             for index in range(len(node.reg)):
@@ -610,6 +613,12 @@ class HV:
                     print(f"Pass:  0x{addr:x} [0x{size:x}] ({path})")
                     self.map_hw(addr, addr, size)

+        # trace irq source
+        node = self.adt["arm-io/aic"]
+        addr, size = node.get_reg(0)
+        addr += 0x2004
+        self.map_sw(addr, addr | self.SPTE_TRACE_READ, 4)
+
         # Sync PMGR stuff
         #self.map_sw(0x2_3b700000,
                     #0x2_3b700000 | self.SPTE_TRACE_READ | self.SPTE_TRACE_WRITE | self.SPTE_SYNC_TRACE,
@@ -627,7 +636,7 @@ class HV:
             print(f"R {base:x}+{off:x}:{width} = 0x{data:x} -> 0x{ret:x}")
             return ret

-        for addr in (0x23b700420, 0x23d280098, 0x23d280088, 0x23d280090):
+        for addr in (0x23b700420, 0x23d280098, 0x23d280088):
             self.map_hook(addr, 4, write=wh, read=rh)

         hcr = HCR(self.u.mrs(HCR_EL2))
@@ -683,7 +692,7 @@ class HV:

         if self.iodev in (IODEV.USB0, IODEV.USB1):
             idx = int(str(self.iodev)[-1])
-            for idx in (0, 1):
+            for idx in (0, ):
                 for prefix in ("/arm-io/dart-usb%d",
                             "/arm-io/atc-phy%d",
                             "/arm-io/usb-drd%d",
diff --git a/src/hv_vm.c b/src/hv_vm.c
index 6c03482..a210796 100644
--- a/src/hv_vm.c
+++ b/src/hv_vm.c
@@ -824,6 +824,28 @@ bool hv_handle_dabort(u64 *regs)
         }

         hv_wdt_breadcrumb('7');
+
+        if (pte & SPTE_TRACE_READ) {
+            if (ipa == 0x23b100000 + 0x2004) {
+                u32 type = *val >> 16;
+                u32 num = *val & 0xFFFF;
+                if (type != 1) {
+                    pte = pte & ~SPTE_TRACE_READ;
+                }
+                switch (num) {
+                case 816: // [[fallthrough]]
+                case 857: // [[fallthrough]]
+                case 858: // [[fallthrough]]
+                case 859: // [[fallthrough]]
+                case 860:
+                    break;
+                default:
+                    pte = pte & ~SPTE_TRACE_READ;
+                    break;
+                }
+            }
+        }
+
         if (pte & SPTE_TRACE_READ)
             emit_mmiotrace(elr, ipa, val, width, 0, pte & SPTE_SYNC_TRACE);
	diff --git a/proxyclient/hv.py b/proxyclient/hv.py
	index 0985002..8355adb 100644
	--- a/proxyclient/hv.py
	+++ b/proxyclient/hv.py
	@@ -586,8 +586,11 @@ class HV:
	("/arm-io/aic", False),
	("/arm-io/spi1", False),
	("/arm-io/pmgr", False),
	- ("/arm-io/gfx-asc", True),
	- ("/arm-io/sgx", True),
	+ ("/arm-io/gfx-asc", False),
	+ ("/arm-io/sgx", False),
	+ ("/arm-io/pmp", False),
	+ ("/arm-io/usb-drd1", True),
	+ ("/arm-io/atc-phy1", True),
	):
	node = self.adt[path]
	for index in range(len(node.reg)):
	@@ -610,6 +613,12 @@ class HV:
	print(f"Pass: 0x{addr:x} [0x{size:x}] ({path})")
	self.map_hw(addr, addr, size)

	+ # trace irq source
	+ node = self.adt["arm-io/aic"]
	+ addr, size = node.get_reg(0)
	+ addr += 0x2004
	+ self.map_sw(addr, addr \| self.SPTE_TRACE_READ, 4)
	+
	# Sync PMGR stuff
	#self.map_sw(0x2_3b700000,
	#0x2_3b700000 \| self.SPTE_TRACE_READ \| self.SPTE_TRACE_WRITE \| self.SPTE_SYNC_TRACE,
	@@ -627,7 +636,7 @@ class HV:
	print(f"R {base:x}+{off:x}:{width} = 0x{data:x} -> 0x{ret:x}")
	return ret

	- for addr in (0x23b700420, 0x23d280098, 0x23d280088, 0x23d280090):
	+ for addr in (0x23b700420, 0x23d280098, 0x23d280088):
	self.map_hook(addr, 4, write=wh, read=rh)

	hcr = HCR(self.u.mrs(HCR_EL2))
	@@ -683,7 +692,7 @@ class HV:

	if self.iodev in (IODEV.USB0, IODEV.USB1):
	idx = int(str(self.iodev)[-1])
	- for idx in (0, 1):
	+ for idx in (0, ):
	for prefix in ("/arm-io/dart-usb%d",
	"/arm-io/atc-phy%d",
	"/arm-io/usb-drd%d",
	diff --git a/src/hv_vm.c b/src/hv_vm.c
	index 6c03482..a210796 100644
	--- a/src/hv_vm.c
	+++ b/src/hv_vm.c
	@@ -824,6 +824,28 @@ bool hv_handle_dabort(u64 *regs)
	}

	hv_wdt_breadcrumb('7');
	+
	+ if (pte & SPTE_TRACE_READ) {
	+ if (ipa == 0x23b100000 + 0x2004) {
	+ u32 type = *val >> 16;
	+ u32 num = *val & 0xFFFF;
	+ if (type != 1) {
	+ pte = pte & ~SPTE_TRACE_READ;
	+ }
	+ switch (num) {
	+ case 816: // [[fallthrough]]
	+ case 857: // [[fallthrough]]
	+ case 858: // [[fallthrough]]
	+ case 859: // [[fallthrough]]
	+ case 860:
	+ break;
	+ default:
	+ pte = pte & ~SPTE_TRACE_READ;
	+ break;
	+ }
	+ }
	+ }
	+
	if (pte & SPTE_TRACE_READ)
	emit_mmiotrace(elr, ipa, val, width, 0, pte & SPTE_SYNC_TRACE);