core: Rewrite thread local storage implementation (#118)

2025-05-21 02:45:00 +00:00 · 2024-05-01 13:38:41 +03:00 · 2024-05-01 13:38:41 +03:00 · 1b9bf924ca
commit 1b9bf924ca
parent b94efcba5a
11 changed files with 176 additions and 189 deletions
--- a/src/core/tls.cpp
+++ b/src/core/tls.cpp
@ -1,6 +1,7 @@
 // SPDX-FileCopyrightText: Copyright 2024 shadPS4 Emulator Project
 // SPDX-License-Identifier: GPL-2.0-or-later

+#include <xbyak/xbyak.h>
 #include "common/assert.h"
 #include "common/types.h"
 #include "core/tls.h"
@ -11,25 +12,18 @@

 namespace Core {

-thread_local u8 TLS[1024];
-
 struct TLSPattern {
-    uint8_t pattern[5];
-    uint8_t pattern_size;
-    uint8_t imm_size;
-    uint8_t target_reg;
+    u8 pattern[5];
+    u8 pattern_size;
+    u8 imm_size;
+    u8 target_reg;
 };

 constexpr static TLSPattern TlsPatterns[] = {
-    {{0x64, 0x48, 0xA1},
-     3,
-     8,
-     0}, // 64 48 A1 | 00 00 00 00 00 00 00 00 # mov rax, qword ptr fs:[64b imm]
-
-    {{0x64, 0x48, 0x8B, 0x4, 0x25},
-     5,
-     4,
-     0}, // 64 48 8B 04 25 | 00 00 00 00 # mov rax,qword ptr fs:[0]
+    // 64 48 A1 | 00 00 00 00 00 00 00 00 # mov rax, qword ptr fs:[64b imm]
+    {{0x64, 0x48, 0xA1}, 3, 8, 0},
+    // 64 48 8B 04 25 | 00 00 00 00 # mov rax,qword ptr fs:[0]
+    {{0x64, 0x48, 0x8B, 0x4, 0x25}, 5, 4, 0},   // rax
    {{0x64, 0x48, 0x8B, 0xC, 0x25}, 5, 4, 1},   // rcx
    {{0x64, 0x48, 0x8B, 0x14, 0x25}, 5, 4, 2},  // rdx
    {{0x64, 0x48, 0x8B, 0x1C, 0x25}, 5, 4, 3},  // rbx
@ -47,103 +41,28 @@ constexpr static TLSPattern TlsPatterns[] = {
    {{0x64, 0x4C, 0x8B, 0x3C, 0x25}, 5, 4, 15}, // r15
 };

-uintptr_t GetGuestTls(s64 tls_offset) {
-    if (tls_offset == 0) {
-        return reinterpret_cast<uintptr_t>(TLS);
-    }
-    UNREACHABLE_MSG("Unimplemented offset info tls");
+#ifdef _WIN32
+static DWORD slot = 0;
+
+void SetTLSStorage(u64 image_address) {
+    // Guest apps will use both positive and negative offsets to the TLS pointer.
+    // User data at probably in negative offsets, while pthread data at positive offset.
+    const BOOL result = TlsSetValue(slot, reinterpret_cast<LPVOID>(image_address));
+    ASSERT(result != 0);
 }

-#ifdef _WIN64
-static LONG WINAPI ExceptionHandler(PEXCEPTION_POINTERS pExp) noexcept {
-    auto orig_rip = pExp->ContextRecord->Rip;
-    while (*(u8*)pExp->ContextRecord->Rip == 0x66) {
-        pExp->ContextRecord->Rip++;
-    }
+void PatchTLS(u64 segment_addr, u64 segment_size, Xbyak::CodeGenerator& c) {
+    using namespace Xbyak::util;

-    if (*(u8*)pExp->ContextRecord->Rip == 0xcd) {
-        int reg = *(u8*)(pExp->ContextRecord->Rip + 1) - 0x80;
-        int sizes = *(u8*)(pExp->ContextRecord->Rip + 2);
-        int pattern_size = sizes & 0xF;
-        int imm_size = sizes >> 4;
-
-        int64_t tls_offset;
-        if (imm_size == 4) {
-            tls_offset = *(s32*)(pExp->ContextRecord->Rip + pattern_size);
-        } else {
-            tls_offset = *(s64*)(pExp->ContextRecord->Rip + pattern_size);
-        }
-
-        (&pExp->ContextRecord->Rax)[reg] = GetGuestTls(tls_offset); /* GetGuestTls */
-        pExp->ContextRecord->Rip += pattern_size + imm_size;
-
-        return EXCEPTION_CONTINUE_EXECUTION;
-    }
-
-    pExp->ContextRecord->Rip = orig_rip;
-    const u32 ec = pExp->ExceptionRecord->ExceptionCode;
-    switch (ec) {
-    case EXCEPTION_ACCESS_VIOLATION: {
-        LOG_CRITICAL(Core, "Exception EXCEPTION_ACCESS_VIOLATION ({:#x})", ec);
-        const auto info = pExp->ExceptionRecord->ExceptionInformation;
-        switch (info[0]) {
-        case 0:
-            LOG_CRITICAL(Core, "Read violation at address {:#x}", info[1]);
-            break;
-        case 1:
-            LOG_CRITICAL(Core, "Write violation at address {:#x}", info[1]);
-            break;
-        case 8:
-            LOG_CRITICAL(Core, "DEP violation at address {:#x}", info[1]);
-            break;
-        default:
-            break;
-        }
-        break;
-    }
-    case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_ARRAY_BOUNDS_EXCEEDED ({:#x})", ec);
-        break;
-    case EXCEPTION_DATATYPE_MISALIGNMENT:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_DATATYPE_MISALIGNMENT ({:#x})", ec);
-        break;
-    case EXCEPTION_FLT_DIVIDE_BY_ZERO:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_FLT_DIVIDE_BY_ZERO ({:#x})", ec);
-        break;
-    case EXCEPTION_ILLEGAL_INSTRUCTION:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_ILLEGAL_INSTRUCTION ({:#x})", ec);
-        break;
-    case EXCEPTION_IN_PAGE_ERROR:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_IN_PAGE_ERROR ({:#x})", ec);
-        break;
-    case EXCEPTION_INT_DIVIDE_BY_ZERO:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_INT_DIVIDE_BY_ZERO ({:#x})", ec);
-        break;
-    case EXCEPTION_PRIV_INSTRUCTION:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_PRIV_INSTRUCTION ({:#x})", ec);
-        break;
-    case EXCEPTION_STACK_OVERFLOW:
-        LOG_CRITICAL(Core, "Exception EXCEPTION_STACK_OVERFLOW ({:#x})", ec);
-        break;
-    default:
-        return EXCEPTION_CONTINUE_SEARCH;
-    }
-    return EXCEPTION_CONTINUE_SEARCH;
-}
-#endif
-
-void InstallTlsHandler() {
-#ifdef _WIN64
-    if (!AddVectoredExceptionHandler(0, ExceptionHandler)) {
-        LOG_CRITICAL(Core, "Failed to register an exception handler");
-    }
-#endif
-}
-
-void PatchTLS(u64 segment_addr, u64 segment_size) {
    u8* code = reinterpret_cast<u8*>(segment_addr);
    auto remaining_size = segment_size;

+    // Sometimes loads from the FS segment are prefixed with useless operand size prefix bytes like:
+    // |66 66 66| 64 48 8b 04 25 00 # mov rax, qword ptr fs:[0x0]
+    // These are probably ignored by the processor but when patching the instruction to a jump
+    // they cause issues. So look for them and patch them to nop to avoid problems.
+    static constexpr std::array<u8, 3> BadPrefix = {0x66, 0x66, 0x66};
+
    while (remaining_size) {
        for (const auto& tls_pattern : TlsPatterns) {
            const auto total_size = tls_pattern.pattern_size + tls_pattern.imm_size;
@ -153,18 +72,55 @@ void PatchTLS(u64 segment_addr, u64 segment_size) {
            if (std::memcmp(code, tls_pattern.pattern, tls_pattern.pattern_size) != 0) {
                continue;
            }
+            u64 offset = 0;
            if (tls_pattern.imm_size == 4) {
+                std::memcpy(&offset, code + tls_pattern.pattern_size, sizeof(u32));
                LOG_INFO(Core_Linker, "PATTERN32 FOUND at {}, reg: {} offset: {:#x}",
-                         fmt::ptr(code), tls_pattern.target_reg,
-                         *(u32*)(code + tls_pattern.pattern_size));
+                         fmt::ptr(code), tls_pattern.target_reg, offset);
            } else {
+                std::memcpy(&offset, code + tls_pattern.pattern_size, sizeof(u64));
                LOG_INFO(Core_Linker, "PATTERN64 FOUND at {}, reg: {} offset: {:#x}",
-                         fmt::ptr(code), tls_pattern.target_reg,
-                         *(u32*)(code + tls_pattern.pattern_size));
+                         fmt::ptr(code), tls_pattern.target_reg, offset);
            }
-            code[0] = 0xcd;
-            code[1] = 0x80 + tls_pattern.target_reg;
-            code[2] = tls_pattern.pattern_size | (tls_pattern.imm_size << 4);
+            ASSERT(offset == 0);
+
+            // Allocate slot in the process if not done already.
+            if (slot == 0) {
+                slot = TlsAlloc();
+            }
+
+            // Replace bogus instruction prefix with nops if it exists.
+            if (std::memcmp(code - BadPrefix.size(), BadPrefix.data(), sizeof(BadPrefix)) == 0) {
+                auto patch = Xbyak::CodeGenerator(BadPrefix.size(), code - BadPrefix.size());
+                patch.nop(BadPrefix.size());
+            }
+
+            // Replace mov instruction with near jump to the trampoline.
+            static constexpr u32 NearJmpSize = 5;
+            auto patch = Xbyak::CodeGenerator(total_size, code);
+            patch.jmp(c.getCurr(), Xbyak::CodeGenerator::LabelType::T_NEAR);
+            patch.nop(total_size - NearJmpSize);
+
+            // Write the trampoline.
+            // The following logic is based on the wine implementation of TlsGetValue
+            // https://github.com/wine-mirror/wine/blob/a27b9551/dlls/kernelbase/thread.c#L719
+            static constexpr u32 TlsSlotsOffset = 0x1480;
+            static constexpr u32 TlsExpansionSlotsOffset = 0x1780;
+            static constexpr u32 TlsMinimumAvailable = 64;
+            const u32 teb_offset =
+                slot < TlsMinimumAvailable ? TlsSlotsOffset : TlsExpansionSlotsOffset;
+            const u32 tls_index = slot < TlsMinimumAvailable ? slot : slot - TlsMinimumAvailable;
+
+            const auto target_reg = Xbyak::Reg64(tls_pattern.target_reg);
+            c.mov(target_reg, teb_offset);
+            c.putSeg(gs);
+            c.mov(target_reg, ptr[target_reg]); // Load the pointer to the table of tls slots.
+            c.mov(
+                target_reg,
+                qword[target_reg + tls_index * sizeof(LPVOID)]); // Load the pointer to our buffer.
+            c.jmp(code + total_size); // Return to the instruction right after the mov.
+
+            // Move ahead in module.
            code += total_size - 1;
            remaining_size -= total_size - 1;
            break;
@ -174,4 +130,16 @@ void PatchTLS(u64 segment_addr, u64 segment_size) {
    }
 }

+#else
+
+void SetTLSStorage(u64 image_address) {
+    UNREACHABLE_MSG("Thread local storage is unimplemented on posix platforms!");
+}
+
+void PatchTLS(u64 segment_addr, u64 segment_size, Xbyak::CodeGenerator& c) {
+    UNREACHABLE_MSG("Thread local storage is unimplemented on posix platforms!");
+}
+
+#endif
+
 } // namespace Core