mirrors/unicorn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for TLB invalidation after read callback(s). (#1122)

Browse Source 
* Adding regression test for issue where writing memory into a read only segment during a access callback fails.

* Check for TLB invalidation when calling read callbacks;  Writes to read-only memory by the callback cause a TLB flush which requires a re-read of the TLB.
This commit is contained in:
Daniel Deptford 2019-08-22 02:54:24 -07:00 committed by Nguyen Anh Quynh
parent 8f0f77233d
commit bc572be472
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
qemu/softmmu_template.h
View File

@ -289,8 +289,11 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr, int mmu_idx,
retaddr -= GETPC_ADJ; retaddr -= GETPC_ADJ;
/* If the TLB entry is for a different page, reload and try again. */ /* If the TLB entry is for a different page, reload and try again. */
/* If the TLB entry addend is invalidated by any callbacks (perhaps due to
a TLB flush), reload and try again. */
if ((addr & TARGET_PAGE_MASK) if ((addr & TARGET_PAGE_MASK)
!= (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) { != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))
|| env->tlb_table[mmu_idx][index].addend == -1) {
#ifdef ALIGNED_ONLY #ifdef ALIGNED_ONLY
if ((addr & (DATA_SIZE - 1)) != 0) { if ((addr & (DATA_SIZE - 1)) != 0) {
//cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE, //cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE,
@ -517,8 +520,11 @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr, int mmu_idx,
retaddr -= GETPC_ADJ; retaddr -= GETPC_ADJ;
/* If the TLB entry is for a different page, reload and try again. */ /* If the TLB entry is for a different page, reload and try again. */
/* If the TLB entry addend is invalidated by any callbacks (perhaps due to
a TLB flush), reload and try again. */
if ((addr & TARGET_PAGE_MASK) if ((addr & TARGET_PAGE_MASK)
!= (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) { != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))
|| env->tlb_table[mmu_idx][index].addend == -1) {
#ifdef ALIGNED_ONLY #ifdef ALIGNED_ONLY
if ((addr & (DATA_SIZE - 1)) != 0) { if ((addr & (DATA_SIZE - 1)) != 0) {
//cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE, //cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE,

30
tests/regress/hook_readonly_write_local.py Executable file
View File

@ -0,0 +1,30 @@
#!/usr/bin/python
from unicorn import *
from unicorn.x86_const import *
import regress
PAGE_SIZE = 4 * 1024
ACCESS_ADDR = 0x1000
# mov eax, [0x1000]
# mov eax, [0x1000]
CODE = b'\xA1\x00\x10\x00\x00\xA1\x00\x10\x00\x00'
def hook_mem_read(uc, access, address, size, value, data):
print("Reading at " + str(address))
uc.mem_write(address, CODE);
class REP(regress.RegressTest):
def test_rep(self):
mu = Uc(UC_ARCH_X86, UC_MODE_32)
mu.mem_map(0, PAGE_SIZE)
mu.mem_write(0, CODE)
mu.mem_map(ACCESS_ADDR, PAGE_SIZE, UC_PROT_READ);
mu.hook_add(UC_HOOK_MEM_READ, hook_mem_read, begin = ACCESS_ADDR, end = ACCESS_ADDR + PAGE_SIZE)
mu.emu_start(0, len(CODE))
if __name__ == '__main__':
regress.main()