x86: on self-modifying code, generate JIT code until end of block. this fixes issue #266

2025-02-25 04:36:55 +00:00 · 2015-11-16 21:55:42 +08:00 · 2015-11-16 21:55:42 +08:00 · edaea7020b
parent 331154551e
commit edaea7020b
3 changed files with 5 additions and 5 deletions
--- a/qemu/target-i386/translate.c
+++ b/qemu/target-i386/translate.c
@ -8360,6 +8360,8 @@ static inline void gen_intermediate_code_internal(uint8_t *gen_opc_cc_op,
    // done with initializing TCG variables
    env->uc->init_tcg = true;

+    pc_ptr = pc_start;
+
    // early check to see if the address of this block is the until address
    if (tb->pc == env->uc->addr_end) {
        // imitate the HLT instruction
@ -8367,17 +8369,15 @@ static inline void gen_intermediate_code_internal(uint8_t *gen_opc_cc_op,
        gen_jmp_im(dc, tb->pc - tb->cs_base);
        gen_helper_hlt(tcg_ctx, tcg_ctx->cpu_env, tcg_const_i32(tcg_ctx, 0));
        dc->is_jmp = DISAS_TB_JUMP;
-        pc_ptr = pc_start;
        goto done_generating;
    }

    gen_opc_end = tcg_ctx->gen_opc_buf + OPC_MAX_SIZE;

    dc->is_jmp = DISAS_NEXT;
-    pc_ptr = pc_start;
    lj = -1;
    max_insns = tb->cflags & CF_COUNT_MASK;
-    if (max_insns == 0)
+    if (max_insns <= 1)
        max_insns = CF_COUNT_MASK;

    // Unicorn: trace this block on request
@ -8460,7 +8460,6 @@ done_generating:

    if (!search_pc) {
        tb->size = pc_ptr - pc_start;
-        // tb->icount = num_insns;
    }

    env->uc->block_full = block_full;
--- a/qemu/translate-all.c
+++ b/qemu/translate-all.c
@ -1202,6 +1202,7 @@ void tb_invalidate_phys_page_range(struct uc_struct *uc, tb_page_addr_t start, t
                restore the CPU state */

                current_tb_modified = 1;
+                // self-modifying code will restore state from TB
                cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
                cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
                                     &current_flags);
--- a/tests/regress/invalid_read_in_cpu_tb_exec.c
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
@ -27,7 +27,7 @@ int main(int argc, char **argv, char **envp) {
  uc_hook hook;
  uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
  printf("uc_emu_start(…)\n");
-  uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 0);
+  uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 20);
  printf("done\n");
  return 0;
 }