yizhi-js-lib/favicon-trap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

handle 'bad ram pointer' case. this fixes issue #159

Browse Source
This commit is contained in:
Nguyen Anh Quynh
2015-09-29 18:22:22 +08:00
parent 976950d3c3
commit 4a42041a83
2 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
qemu/cputlb.c
View File

@ -39,7 +39,7 @@
static void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr); static void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr);
static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe); static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe);
static ram_addr_t qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr); static bool qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr, ram_addr_t *addr);
static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr, static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
target_ulong size); target_ulong size);
static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr); static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr);
@ -292,6 +292,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
int mmu_idx, page_index, pd; int mmu_idx, page_index, pd;
void *p; void *p;
MemoryRegion *mr; MemoryRegion *mr;
ram_addr_t ram_addr;
CPUState *cpu = ENV_GET_CPU(env1); CPUState *cpu = ENV_GET_CPU(env1);
page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
@ -321,18 +322,22 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
} }
} }
p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend); p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
return qemu_ram_addr_from_host_nofail(cpu->uc, p); if (!qemu_ram_addr_from_host_nofail(cpu->uc, p, &ram_addr)) {
env1->invalid_addr = addr;
env1->invalid_error = UC_ERR_FETCH_INVALID; // FIXME UC_ERR_FETCH_UNMAPPED
return -1;
} else
return ram_addr;
} }
static ram_addr_t qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr) static bool qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr, ram_addr_t *ram_addr)
{ {
ram_addr_t ram_addr; if (qemu_ram_addr_from_host(uc, ptr, ram_addr) == NULL) {
// fprintf(stderr, "Bad ram pointer %p\n", ptr);
if (qemu_ram_addr_from_host(uc, ptr, &ram_addr) == NULL) { return false;
fprintf(stderr, "Bad ram pointer %p\n", ptr);
abort();
} }
return ram_addr;
return true;
} }
static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr) static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)

5
tests/regress/bad_ram.py
View File

@ -20,7 +20,10 @@ class Hang(regress.RegressTest):
mu.mem_write(CODE_ADDR, binary1) mu.mem_write(CODE_ADDR, binary1)
mu.reg_write(UC_X86_REG_RSP, RSP_ADDR) mu.reg_write(UC_X86_REG_RSP, RSP_ADDR)
mu.emu_start(CODE_ADDR, CODE_ADDR + PAGE_SIZE, 0) try:
self.assertEqual(mu.emu_start(CODE_ADDR, CODE_ADDR + PAGE_SIZE, 0), UC_ERR_FETCH_INVALID)
except UcError as e:
print("ERROR: %s" % e)
if __name__ == '__main__': if __name__ == '__main__':