From patchwork Mon Nov 2 17:09:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 320337 Delivered-To: patch@linaro.org Received: by 2002:a92:7b12:0:0:0:0:0 with SMTP id w18csp3903603ilc; Mon, 2 Nov 2020 09:23:57 -0800 (PST) X-Google-Smtp-Source: ABdhPJz0OqlhlBBgdrgIqyw8vRRi315mTOQ4UnqXCc/LTgWjmTdCoH7bOuR1nsuz4BXQ/WMPpgRh X-Received: by 2002:ac8:71d5:: with SMTP id i21mr15614726qtp.365.1604337836944; Mon, 02 Nov 2020 09:23:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604337836; cv=none; d=google.com; s=arc-20160816; b=tB2LNcUwu8AKXAYEIPCo1Aw42+l8HZ9JlEKWt9zMhQcdUUm50Ip9wyfxkkIl83It/L YNCTSxbEvbxHoFdQyfv+6mQMqUwUinFQytq19zkY0798vtVfCnNel2PI2YqpEuZbCdOr 0klhOo85oXK8QooJGWyIL7muZdZeWxQm+dPBN4pNL4ist0GebDht0BrAWIuIJAfitiqt 0njdQWKD6AVW9CXHXWh39OpVDCFUVHB9SPHEQiJTakILjCxlQNYKXC9I/Vm6ROozCO42 uGsc783fSYd3YNcXQkVm1ptFq2vVYja8I3yovATy4wpnYvjRYV/aMzwrz43+RY/ygPW0 XZYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=bg1yVgXIhU8cNkSuYiD5wujRWcjW+EPEExJMC8FO3EU=; b=KLLQrnRT1YeR+P7bh7ebK7Lz7P+Cwhzq2Vz0lsauPVSiXqdyel/0ZcExNh5DBNoPKE CKonbg6WSPsdZg6Uf8RSiBHLxcwBgVA6qOiCI1AzQtcZLkvGqvPlTlXykW4kebkx7QXv qod4ITT7FtTvdWc/jrBSZkZXw+U57RKyhi6tzRqkmJqvel3mcPkmTHeiFOIYcahVHHu0 +wKsdZys8mcgXJmeTllawAAVcLJv8hzaf2TUv0Qq4FM9ZWGmSGqz9DCpiRlijPUDnqoN ZkWZT1MkH9uImXFCR22JlYDY9u+Muj1wg9ieKL0yvvAmHpU30qqa8q9qFlWZmnjnelUj a9sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FfItod38; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id h26si5105750qtq.371.2020.11.02.09.23.56 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 02 Nov 2020 09:23:56 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FfItod38; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:54532 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kZdYi-0001qs-FT for patch@linaro.org; Mon, 02 Nov 2020 12:23:56 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:53994) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kZdLv-00011m-Kr for qemu-devel@nongnu.org; Mon, 02 Nov 2020 12:10:43 -0500 Received: from mail-wm1-x332.google.com ([2a00:1450:4864:20::332]:50798) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kZdLr-0006bN-Jk for qemu-devel@nongnu.org; Mon, 02 Nov 2020 12:10:43 -0500 Received: by mail-wm1-x332.google.com with SMTP id 13so10160138wmf.0 for ; Mon, 02 Nov 2020 09:10:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=bg1yVgXIhU8cNkSuYiD5wujRWcjW+EPEExJMC8FO3EU=; b=FfItod380r8GFhUrvfdO2oC+R5iMdRkPL0yE9ITi01miSE5Vp6X+eIuAY8NBNSVzqd 49TzJgY1/hoGtbv64G95yJxSXzKMp97oubiV49ypDqHP0nwjgtvxzxshxGQDKFh3vxUo Su/xsouMu6IqytPsVCvEoJ4cSlgMGGN63LG4Kqu3Sr3MebQ3HA8w37mWEKGBPi/2HUPZ UO+iXfOCqSsLs5ioAnUJxXsP4CVKzGm/QsI77/MS9tbICAyRpuDoSnWW7dQ7DtS7tsQa plbh0ZYD1lazJi2/amU0N8R/n+EUGFtc8cT6ECV9boCZCdedhgNcyz1vyhGmyKmYVxlI Iw0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bg1yVgXIhU8cNkSuYiD5wujRWcjW+EPEExJMC8FO3EU=; b=hK6hUhW7qMDBkm8ILzScXZoV83qa/JYksOlkgdu4WS96qY4Dc/pdXDjEzJpmWufmMP gxLVfRgfkFm/AUhaAELChha98SYMsyZBwCdEOrflftiv7XB2ut3ZwkoXAcPc3CXQE2Pn q/dzswL4CxnNB/0B6ntcHseHnR0jXW94rDpJEyiKQX27GDqn5T9SCYnrLbIub+P0JLe5 6yL4id5yPlwjFbi93bfZwRBYu5SX5H3RaVAbZhAsSDlqCbpjXsI33O2yPX5nVSSm3mhp 6StsYBlvZheQTpanW9xPOTJdrTj/YYenjNBRC/S3O0Dq1MTCq/gH8Q94HGqIAqWORDoq nAQw== X-Gm-Message-State: AOAM532Nb7jhANhdv+dhnZYpYadePb+PRN9/YDaXLdkG0ul3kCaTMaZF ZGddOzyTDzlRCrBrhhN4nn/GAWyH17/CvA== X-Received: by 2002:a1c:f604:: with SMTP id w4mr19088691wmc.87.1604337036503; Mon, 02 Nov 2020 09:10:36 -0800 (PST) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id c18sm22396540wrt.10.2020.11.02.09.10.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Nov 2020 09:10:35 -0800 (PST) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes Date: Mon, 2 Nov 2020 17:09:55 +0000 Message-Id: <20201102171005.30690-17-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201102171005.30690-1-peter.maydell@linaro.org> References: <20201102171005.30690-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::332; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x332.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" If we're using the capstone disassembler, disassembly of a run of instructions more than 32 bytes long disassembles the wrong data for instructions beyond the 32 byte mark: (qemu) xp /16x 0x100 0000000000000100: 0x00000005 0x54410001 0x00000001 0x00001000 0000000000000110: 0x00000000 0x00000004 0x54410002 0x3c000000 0000000000000120: 0x00000000 0x00000004 0x54410009 0x74736574 0000000000000130: 0x00000000 0x00000000 0x00000000 0x00000000 (qemu) xp /16i 0x100 0x00000100: 00000005 andeq r0, r0, r5 0x00000104: 54410001 strbpl r0, [r1], #-1 0x00000108: 00000001 andeq r0, r0, r1 0x0000010c: 00001000 andeq r1, r0, r0 0x00000110: 00000000 andeq r0, r0, r0 0x00000114: 00000004 andeq r0, r0, r4 0x00000118: 54410002 strbpl r0, [r1], #-2 0x0000011c: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x00000120: 54410001 strbpl r0, [r1], #-1 0x00000124: 00000001 andeq r0, r0, r1 0x00000128: 00001000 andeq r1, r0, r0 0x0000012c: 00000000 andeq r0, r0, r0 0x00000130: 00000004 andeq r0, r0, r4 0x00000134: 54410002 strbpl r0, [r1], #-2 0x00000138: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x0000013c: 00000000 andeq r0, r0, r0 Here the disassembly of 0x120..0x13f is using the data that is in 0x104..0x123. This is caused by passing the wrong value to the read_memory_func(). The intention is that at this point in the loop the 'cap_buf' buffer already contains 'csize' bytes of data for the instruction at guest addr 'pc', and we want to read in an extra 'tsize' bytes. Those extra bytes are therefore at 'pc + csize', not 'pc'. On the first time through the loop 'csize' happens to be zero, so the initial read of 32 bytes into cap_buf is correct and as long as the disassembly never needs to read more data we return the correct information. Use the correct guest address in the call to read_memory_func(). Cc: qemu-stable@nongnu.org Fixes: https://bugs.launchpad.net/qemu/+bug/1900779 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20201022132445.25039-1-peter.maydell@linaro.org --- disas/capstone.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.20.1 diff --git a/disas/capstone.c b/disas/capstone.c index 0a9ef9c8927..7462c0e3053 100644 --- a/disas/capstone.c +++ b/disas/capstone.c @@ -286,7 +286,7 @@ bool cap_disas_monitor(disassemble_info *info, uint64_t pc, int count) /* Make certain that we can make progress. */ assert(tsize != 0); - info->read_memory_func(pc, cap_buf + csize, tsize, info); + info->read_memory_func(pc + csize, cap_buf + csize, tsize, info); csize += tsize; if (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) {