[PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes
From: Peter Maydell
Subject: [PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes
Date: Mon, 2 Nov 2020 17:09:55 +0000
If we're using the capstone disassembler, disassembly of a run of
instructions more than 32 bytes long disassembles the wrong data for
instructions beyond the 32 byte mark:
(qemu) xp /16x 0x100
0000000000000100: 0x00000005 0x54410001 0x00000001 0x00001000
0000000000000110: 0x00000000 0x00000004 0x54410002 0x3c000000
0000000000000120: 0x00000000 0x00000004 0x54410009 0x74736574
0000000000000130: 0x00000000 0x00000000 0x00000000 0x00000000
(qemu) xp /16i 0x100
0x00000100: 00000005 andeq r0, r0, r5
0x00000104: 54410001 strbpl r0, [r1], #-1
0x00000108: 00000001 andeq r0, r0, r1
0x0000010c: 00001000 andeq r1, r0, r0
0x00000110: 00000000 andeq r0, r0, r0
0x00000114: 00000004 andeq r0, r0, r4
0x00000118: 54410002 strbpl r0, [r1], #-2
0x0000011c: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c
0x00000120: 54410001 strbpl r0, [r1], #-1
0x00000124: 00000001 andeq r0, r0, r1
0x00000128: 00001000 andeq r1, r0, r0
0x0000012c: 00000000 andeq r0, r0, r0
0x00000130: 00000004 andeq r0, r0, r4
0x00000134: 54410002 strbpl r0, [r1], #-2
0x00000138: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c
0x0000013c: 00000000 andeq r0, r0, r0
Here the disassembly of 0x120..0x13f is using the data that is in
0x104..0x123.
This is caused by passing the wrong value to the read_memory_func().
The intention is that at this point in the loop the 'cap_buf' buffer
already contains 'csize' bytes of data for the instruction at guest
addr 'pc', and we want to read in an extra 'tsize' bytes. Those
extra bytes are therefore at 'pc + csize', not 'pc'. On the first
time through the loop 'csize' happens to be zero, so the initial read
of 32 bytes into cap_buf is correct and as long as the disassembly
never needs to read more data we return the correct information.
Use the correct guest address in the call to read_memory_func().
Cc: qemu-stable@nongnu.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1900779
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20201022132445.25039-1-peter.maydell@linaro.org
---
disas/capstone.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/disas/capstone.c b/disas/capstone.c
index 0a9ef9c8927..7462c0e3053 100644
--- a/disas/capstone.c
+++ b/disas/capstone.c
@@ -286,7 +286,7 @@ bool cap_disas_monitor(disassemble_info *info, uint64_t pc,
int count)
/* Make certain that we can make progress. */
assert(tsize != 0);
- info->read_memory_func(pc, cap_buf + csize, tsize, info);
+ info->read_memory_func(pc + csize, cap_buf + csize, tsize, info);
csize += tsize;
if (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) {
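Review bot: the corrected call on the `+` line still discards the return value of info->read_memory_func(), and the following `csize += tsize;` then counts those tsize bytes as valid even if the callback could not fill them (for instance when pc + csize has crossed into an unmapped guest page), so whatever was left in cap_buf + csize would be handed to cs_disasm_iter() as instruction bytes. If the monitor's read callback can report failure, consider checking it and breaking out of the loop before bumping csize; if it cannot, a one-line comment saying so would make that explicit. Independently, a comment above the read stating the invariant the fix depends on (cap_buf holds csize bytes belonging to [pc, pc + csize), so the refill goes at pc + csize) would help keep this from regressing, since the first pass through the loop with csize == 0 hides the bug entirely.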
--
2.20.1
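To make the off-by-csize error visible without a full QEMU build, here is an added C model of the refill loop described in the commit message. It is example code written for this page, not QEMU's or Capstone's code: the loop shape (one instruction decoded per iteration, unconsumed bytes slid back to the front of a 32-byte buffer before the next refill), the fixed-width 4-byte `decode_insn()` standing in for `cs_disasm_iter()`, the `guest_read()` callback and the helper names are all assumptions of this example. Guest memory is constructed so that the byte at address `a` is `a & 0xff`, which makes every 4-byte word unique and therefore easy to trace back to where it was really read from. The `fixed` flag switches between the pre-patch read address (`pc`) and the corrected one (`pc + csize`).

```c
/*
 * Added example, not QEMU code: a model of the cap_disas_monitor() refill
 * loop with a toy fixed-width decoder in place of cs_disasm_iter(), showing
 * why the extra bytes must be read from pc + csize rather than pc.
 * guest_read(), decode_insn(), run_monitor_disas() and nth_insn_word() are
 * names made up for this example.
 */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_BUF_SIZE 32
#define INSN_SIZE 4   /* toy decoder: fixed-width instructions, like A32 */

/* Constructed guest memory: byte at address a is (a & 0xff), so every word is unique. */
static void guest_read(uint64_t addr, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        buf[i] = (uint8_t)(addr + i);
    }
}

static uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* The little-endian word actually stored at guest address addr. */
uint32_t guest_word(uint64_t addr)
{
    uint8_t b[INSN_SIZE];
    guest_read(addr, b, sizeof(b));
    return le32(b);
}

/* Stand-in for cs_disasm_iter(): consume one fixed-size insn from *cbuf. */
static bool decode_insn(const uint8_t **cbuf, size_t *csize, uint64_t *pc, uint32_t *word)
{
    if (*csize < INSN_SIZE) {
        return false;
    }
    *word = le32(*cbuf);
    *cbuf += INSN_SIZE;
    *csize -= INSN_SIZE;
    *pc += INSN_SIZE;
    return true;
}

/*
 * Disassemble 'count' insns starting at 'pc', storing the raw word each one
 * decoded into out[]. 'fixed' selects the corrected refill address.
 */
void run_monitor_disas(bool fixed, uint64_t pc, int count, uint32_t *out)
{
    uint8_t cap_buf[CAP_BUF_SIZE];
    const uint8_t *cbuf = cap_buf;
    size_t csize = 0;   /* bytes in cap_buf; all belong to addresses pc, pc+1, ... */
    int n = 0;

    while (n < count) {
        size_t tsize = sizeof(cap_buf) - csize;
        assert(tsize != 0);
        /* Buffer already holds [pc, pc + csize); the refill must come after it. */
        uint64_t read_addr = fixed ? pc + csize : pc;
        guest_read(read_addr, cap_buf + csize, tsize);
        csize += tsize;

        uint32_t word;
        if (decode_insn(&cbuf, &csize, &pc, &word)) {
            out[n++] = word;
        }
        /* Slide the unconsumed tail to the front before the next refill. */
        memmove(cap_buf, cbuf, csize);
        cbuf = cap_buf;
    }
}

/* Word the n-th decoded instruction (0-based) was fed, for a run of 16 from pc. */
uint32_t nth_insn_word(bool fixed, uint64_t pc, int n)
{
    uint32_t out[16];
    run_monitor_disas(fixed, pc, 16, out);
    return out[n];
}

int main(void)
{
    /* Mirrors the commit message: the 9th insn (0x120) gets 0x104's bytes pre-fix. */
    printf("insn at 0x120: buggy=%08x fixed=%08x real=%08x (0x104 holds %08x)\n",
           nth_insn_word(false, 0x100, 8), nth_insn_word(true, 0x100, 8),
           guest_word(0x120), guest_word(0x104));
    return 0;
}
```

Run as written, the model reproduces the pattern in the commit message: the first eight instructions (the initial 32-byte read) decode correctly either way, while with the pre-patch address the instruction at 0x120 is fed the bytes of 0x104, 0x124 those of 0x108, and so on through 0x13c showing 0x120's data, exactly one 32-byte refill window behind. With `pc + csize` every instruction sees its own bytes.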