From 4a42041a8308f5c354fc67e3694fc53c7fe0893a Mon Sep 17 00:00:00 2001 From: Nguyen Anh Quynh Date: Tue, 29 Sep 2015 18:22:22 +0800 Subject: [PATCH] handle 'bad ram pointer' case. this fixes issue #159 --- qemu/cputlb.c | 23 ++++++++++++++--------- tests/regress/bad_ram.py | 5 ++++- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/qemu/cputlb.c b/qemu/cputlb.c index b9b16e30..7439b78b 100644 --- a/qemu/cputlb.c +++ b/qemu/cputlb.c @@ -39,7 +39,7 @@ static void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr); static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe); -static ram_addr_t qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr); +static bool qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr, ram_addr_t *addr); static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr, target_ulong size); static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr); @@ -292,6 +292,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) int mmu_idx, page_index, pd; void *p; MemoryRegion *mr; + ram_addr_t ram_addr; CPUState *cpu = ENV_GET_CPU(env1); page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); @@ -321,18 +322,22 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) } } p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend); - return qemu_ram_addr_from_host_nofail(cpu->uc, p); + if (!qemu_ram_addr_from_host_nofail(cpu->uc, p, &ram_addr)) { + env1->invalid_addr = addr; + env1->invalid_error = UC_ERR_FETCH_INVALID; // FIXME UC_ERR_FETCH_UNMAPPED + return -1; + } else + return ram_addr; } -static ram_addr_t qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr) +static bool qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr, ram_addr_t *ram_addr) { - ram_addr_t ram_addr; - - if (qemu_ram_addr_from_host(uc, ptr, &ram_addr) == NULL) { - fprintf(stderr, "Bad ram pointer %p\n", ptr); - abort(); + if (qemu_ram_addr_from_host(uc, ptr, ram_addr) == NULL) { + // fprintf(stderr, "Bad ram pointer %p\n", ptr); + return false; } - return ram_addr; + + return true; } static void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr) diff --git a/tests/regress/bad_ram.py b/tests/regress/bad_ram.py index 7693ccb9..a74fa495 100755 --- a/tests/regress/bad_ram.py +++ b/tests/regress/bad_ram.py @@ -20,7 +20,10 @@ class Hang(regress.RegressTest): mu.mem_write(CODE_ADDR, binary1) mu.reg_write(UC_X86_REG_RSP, RSP_ADDR) - mu.emu_start(CODE_ADDR, CODE_ADDR + PAGE_SIZE, 0) + try: + self.assertEqual(mu.emu_start(CODE_ADDR, CODE_ADDR + PAGE_SIZE, 0), UC_ERR_FETCH_INVALID) + except UcError as e: + print("ERROR: %s" % e) if __name__ == '__main__':