Python Binding: Not yet support UC_HOOK_TLB_FILL? #2035
Comments
@elicn Would you like to add this? Or I can also help. |
Sure, let me look into this. |
Great to hear that! I'd compile it and try, but something is just wrong....

```python
def hook_tlb_fill(uc : Uc, access, address, size, value, user_data):
    print(">>> TLB Fill at 0x%x, data size = %u" % (address, size))
    uc.ctl_flush_tb()

# <Some other init>
mu = Uc(UC_ARCH_RISCV, UC_MODE_64)
mu.ctl_set_tlb_mode(UC_TLB_VIRTUAL)
mu.hook_add(UC_HOOK_TLB_FILL, hook_tlb_fill)
# <some init of memory and registers>
mu.emu_start(entry_point, code_end)
```

And it just throws:
What should I do, please? |
What if you remove the hook? Is it still happening? |
No, it only happens when VIRTUAL and hook set. |
Your hook doesn't return a mapping, so the emulation will cause a pagefault. Also, why do you want to clean the translation buffer? |
I just tested to see if it's needed to clear. (Learned the function from the wiki.) I don't get any doc about what the function should return.... |
You should have a check for this file: https://github.com/unicorn-engine/unicorn/blob/master/samples/sample_mmu.c |
OK. But the problem seems to happen before the callback. It should call the callback at least one time, but I didn't see any output from the callback. I'd give a min PoC if needed. |
I'd found the problem. Please see the comment on the commit here. Also I used a wrong callback proto so it didn't get called. :-) |
Ah, snap.. I missed this. |
But there is still something strange. When I just set paddr = vaddr and always return true in the TLB callback, the first time it succeeds and executes, but the second time it throws UC_ERR_EXCEPTION. If the callback is not registered, everything goes normally. I wonder what the default callback (let's say it; I didn't dig into the source code) does when VIRTUAL is set but no callback is registered. Edit: I have read the source code and it just sets paddr to the page of vaddr directly, the same as what I do, if the callback is not registered... |
Can you provide a full example for this behavior? |
Here is a min example:

```python
from unicorn import *
from unicorn.riscv_const import *

# The program in C; no read from memory after optimization
"""
int a[4096];
int b[4096];
int c[4096];
int start(){
    for(int i =0;i<4096;i++){
        a[i] = i;
        b[i] = i*2;
        c[i] = a[i] + b[i];
    }
    return 0;
}
"""
# Compiled with 'riscv64-unknown-elf-gcc -nostdlib -static -nostartfiles -O1'
# LD: .text = 0x2000, .stack (end) = 0x13000 (0x4000)
inst = b"-f\x13\x06\x06\x00\x8df\x93\x86\x06\x00\x1dg\x13\x07\x07\x00\x81E\x81G\x05h\x1c\xc2\x1b\x95\x17\x00\x88\xc2\x0c\xc3\x85'\x11\x06\x91\x06\x8d%\x11\x07\xe3\x96\x07\xff\x01E\x82\x80"

mu = Uc(UC_ARCH_RISCV, UC_MODE_RISCV64)
mu.mem_map(0x2000, 0x11000, UC_PROT_ALL)  # Code + Data
mu.mem_write(0x2000, inst)
mu.reg_write(UC_RISCV_REG_RA, 0x2000 + len(inst))  # End of code
mu.reg_write(UC_RISCV_REG_SP, 0x13000)  # Stack base
mu.hook_add(UC_HOOK_CODE, lambda uc, address, size, user_data: print("[C] 0x%x (0x%x)" % (address, size)))

def hook_tlb_fill(uc : Uc, vaddr, memtype, value, user_data) -> bool:
    memtype_name_map = {
        UC_MEM_FETCH: "FETCH",
        UC_MEM_READ: "READ",
        UC_MEM_WRITE: "WRITE",
        UC_MEM_READ_UNMAPPED: "READ_UNMAPPED",
        UC_MEM_WRITE_UNMAPPED: "WRITE_UNMAPPED",
        UC_MEM_FETCH_UNMAPPED: "FETCH_UNMAPPED",
        UC_MEM_READ_PROT: "READ_PROT",
        UC_MEM_WRITE_PROT: "WRITE_PROT",
        UC_MEM_FETCH_PROT: "FETCH_PROT",
        UC_MEM_READ_AFTER: "READ_AFTER",
    }
    print(">>> TLB Fill at 0x%x with memtype %s" % (vaddr, memtype_name_map[memtype]))
    value.paddr = vaddr & ~0xFFF
    value.perm = UC_PROT_ALL
    print(">>> TLB Fill success: paddr = 0x%x, perm = %d" % (value.paddr, value.perm))
    return True

mu.ctl_set_tlb_mode(UC_TLB_VIRTUAL)
mu.hook_add(UC_HOOK_TLB_FILL, hook_tlb_fill)
mu.emu_start(0x2000, 0x2000 + len(inst))
```

Sample output:
Running on Windows 11 23H2 with 3.11.10, unicorn build dev. |
Any Idea? |
Solved. Mistake in 'perm'; it should be 'perms'.
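The root cause in this thread is an attribute name that ctypes accepts silently: `value.perm = ...` creates a plain Python attribute on the entry object and never touches the real `perms` field, so the entry goes back to the emulator with no permissions granted. The following stand-alone script is an added example, not code from the issue or from Unicorn. It defines a local copy of the TLB entry structure with the upstream field names (`paddr`, `perms`), copies the `UC_PROT_*` and `UC_MEM_*` values from unicorn_const (assumed to match the installed version), and builds a constructed page table for the issue's layout (code at 0x2000, data and stack up to 0x13000). A correct hook and the issue's buggy variant are driven the way the binding drives them, showing that the typo leaves `perms` at zero so every access is refused. It also goes one step beyond the issue by mapping the code page read+exec and the data pages read+write instead of `UC_PROT_ALL`, which is the least-privilege mapping a TLB hook should hand out. The `fill` and `access_faults` helpers are hypothetical stand-ins for the binding and the emulator's permission check; with the real library the hook would be registered as `mu.hook_add(UC_HOOK_TLB_FILL, hook_tlb_fill, PAGE_TABLE)`, `user_data` being hook_add's third argument.

```python
import ctypes

# Values copied from unicorn's unicorn_const (assumption: unchanged in 2.1.x).
# Defined locally so this runs without the unicorn package installed.
UC_PROT_NONE, UC_PROT_READ, UC_PROT_WRITE, UC_PROT_EXEC = 0, 1, 2, 4
UC_PROT_ALL = UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC
UC_MEM_READ, UC_MEM_WRITE, UC_MEM_FETCH = 16, 17, 18

PAGE_SIZE = 0x1000
PAGE_MASK = ~(PAGE_SIZE - 1)


class uc_tlb_entry(ctypes.Structure):
    # Stand-in for the binding's uc_tlb_entry; same field names as upstream: paddr, perms.
    _fields_ = [("paddr", ctypes.c_uint64), ("perms", ctypes.c_uint32)]


# Constructed page table for the issue's layout: virtual page -> (physical page, perms).
# The code page at 0x2000 is read+exec only; the data/stack pages are read+write only.
PAGE_TABLE = {0x2000: (0x2000, UC_PROT_READ | UC_PROT_EXEC)}
for page in range(0x3000, 0x13000, PAGE_SIZE):
    PAGE_TABLE[page] = (page, UC_PROT_READ | UC_PROT_WRITE)

# Permission bit each access type needs to succeed.
REQUIRED_PERM = {UC_MEM_READ: UC_PROT_READ, UC_MEM_WRITE: UC_PROT_WRITE, UC_MEM_FETCH: UC_PROT_EXEC}


def hook_tlb_fill(uc, vaddr, memtype, value, user_data) -> bool:
    """Correct hook: fill value.paddr and value.perms from the page table passed as user_data."""
    mapping = user_data.get(vaddr & PAGE_MASK)
    if mapping is None:
        return False  # no translation for this page: Unicorn reports a page fault
    value.paddr, value.perms = mapping
    return True


def buggy_tlb_fill(uc, vaddr, memtype, value, user_data) -> bool:
    """The issue's mistake: 'perm' is not a struct field, so ctypes stores it as an ordinary
    Python attribute and the real 'perms' field keeps its zero default (no access at all)."""
    mapping = user_data.get(vaddr & PAGE_MASK)
    if mapping is None:
        return False
    value.paddr = mapping[0]
    value.perm = mapping[1]  # typo: silently accepted, never reaches the emulator
    return True


def fill(hook, vaddr, memtype, page_table=PAGE_TABLE):
    """Hypothetical driver: call the hook the way the binding does, on a fresh entry,
    and return (ok, paddr, perms) as the emulator would read them from the struct."""
    entry = uc_tlb_entry()
    ok = hook(None, vaddr, memtype, entry, page_table)
    return ok, entry.paddr, entry.perms


def access_faults(perms, memtype) -> bool:
    """True if an access of this type would be refused under the entry's perms
    (the check the emulator applies after the fill succeeds)."""
    return not (perms & REQUIRED_PERM[memtype])


if __name__ == "__main__":
    for name, hook in (("correct", hook_tlb_fill), ("buggy", buggy_tlb_fill)):
        ok, paddr, perms = fill(hook, 0x2010, UC_MEM_FETCH)
        print(f"{name}: ok={ok} paddr=0x{paddr:x} perms={perms} "
              f"fetch_faults={access_faults(perms, UC_MEM_FETCH)}")
    ok, paddr, perms = fill(hook_tlb_fill, 0x2010, UC_MEM_WRITE)
    print(f"write to the code page faults: {access_faults(perms, UC_MEM_WRITE)}")
```

The buggy hook returns True with a plausible `paddr`, which is why the failure only shows up later as an access exception rather than at the fill itself. A cheap defence against this class of typo is to put the entry type's field names in a check (for example `assert value.perms == expected` in a test, or `__slots__`-style validation on your own wrapper) rather than trusting that an assignment succeeded.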
I'd installed version 2.1.1.
When using hook_add, it just throws an exception. I dug into it and there is no impl of UC_HOOK_TLB_FILL.
But the definition is in const...