From nobody Sat May 18 18:58:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1603373171; cv=none; d=zohomail.com; s=zohoarc; b=JnFN15EE573m/LqkIw07CfSkLGwEaA/ruTw9H6wK/ZifDfaGOPYtQpZbJ0mRVLr/Ykua24DIkHAr1QXnEqOIntxf2hCOkoubEVZEwj/6ovEyUatj3f1ROymO7xA+6SctC+qTGGh6FtsubyViTf1ms9dIgkVVDYXPoQMPPtRVDRg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1603373171; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=/LpKtLRbxpCz3EwrDGeI6q7oF5uI3Zuu0uQQlFRPJQ0=; b=l4kNc28ae9jhYtxadHMRLwMwXbIIedc10gjuSU0XnUGHJlz09+usfOMVB2vlKm0rzv6hCr3TAz2RsCa/6to0CjRWvmz7RBjK0Mkk86SV2VFoRZmEwHzxISZ0KWPBWSyPiFHrgm5NIuG74fK7d/d2mOFzj3xO8FGsWaDMkYCJpis= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1603373171054691.0206513418996; Thu, 22 Oct 2020 06:26:11 -0700 (PDT) Received: from localhost ([::1]:39880 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kVabZ-0000hl-Kh for importer@patchew.org; Thu, 22 Oct 2020 09:26:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33948) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kVaaJ-0008IG-GO for qemu-devel@nongnu.org; Thu, 22 Oct 2020 09:24:51 -0400 Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342]:36105) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kVaaG-0003Si-VA for qemu-devel@nongnu.org; Thu, 22 Oct 2020 09:24:50 -0400 Received: by mail-wm1-x342.google.com with SMTP id e2so2234797wme.1 for ; Thu, 22 Oct 2020 06:24:48 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id t6sm4525632wre.30.2020.10.22.06.24.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Oct 2020 06:24:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/LpKtLRbxpCz3EwrDGeI6q7oF5uI3Zuu0uQQlFRPJQ0=; b=vL3OWtiFCwbhrxb9oCn1xiLfmGVGxJlSxb68qEtJwc1diKNN1eTjI4EVUPo8DRftnL Vyew3lCaEVv7rc+cGM0A0S/pVQpJWu/+a2wIvdXhRtSrkIeepmpJamVKMknEdtIBF77q klQNSth9XlmScTOVpdaf4lS2Tlb69vsdRkE+2PzWrSrkRtalrzfxz3Cmr1Z8DngY4uXa //A1NNibe+G0Al/NF3O6jupFGmPD+VX9eZ1CSNt80sMTmGriL/1JyCOcFJFZpYUXFGAM Md2JOoSub18NjD1sRkW23Zuabojdz1WChSwPAdY4U1HaB1HL3E7UuO9JedByLRDdbAFB bUoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=/LpKtLRbxpCz3EwrDGeI6q7oF5uI3Zuu0uQQlFRPJQ0=; b=iC/tlizHiSwAwG9gFk/sLmL6MwUg6wne1r8X+WJosvos7hDs8KjBaCHJ7+I3+vkm8a NVeWLJH9vZLpdjnIX1xXCQfIHpnbUwNOEPj2ALHl0IMU2CjyEWRigXvNGPdQ+kpeWP3U JV29HFd/+NcJYk8GSlCgjsLG6BS2V6Ac+UdcfrVccnZUswT7CHL4iffyq87lN6Jabg0V 51xf0uz4f+ZiPWy7g3kcYJEzbnJUy4dFW3ZrFsJTktLN8as705X+G14awFyy4Pm06f30 3uudPRPxVknOw19wBsKtS+9DeRLuHU+FXDCnTG67c5mDRyEcZY90Db8UWdWJkdfwo0vq lFoQ== X-Gm-Message-State: AOAM532nua3nJt9HEVP+GVYUZfTm3jAeutc/3Ezhn8y09YO9Ku88o9Ne f4YWfHXWaZMwWeFQ5qlz/FtdWKEHqRktmQ== X-Google-Smtp-Source: ABdhPJyH56ubPsQwnQYRtk20Gz40snXekRSi5nNbaLBgV2zXxko7bOXswfF2uqdHa1smnG6UkbryfA== X-Received: by 2002:a1c:2ed3:: with SMTP id u202mr2600906wmu.85.1603373087215; Thu, 22 Oct 2020 06:24:47 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PATCH] disas/capstone: Fix monitor disassembly of >32 bytes Date: Thu, 22 Oct 2020 14:24:45 +0100 Message-Id: <20201022132445.25039-1-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::342; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x342.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Richard Henderson , qemu-stable@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" If we're using the capstone disassembler, disassembly of a run of instructions more than 32 bytes long disassembles the wrong data for instructions beyond the 32 byte mark: (qemu) xp /16x 0x100 0000000000000100: 0x00000005 0x54410001 0x00000001 0x00001000 0000000000000110: 0x00000000 0x00000004 0x54410002 0x3c000000 0000000000000120: 0x00000000 0x00000004 0x54410009 0x74736574 0000000000000130: 0x00000000 0x00000000 0x00000000 0x00000000 (qemu) xp /16i 0x100 0x00000100: 00000005 andeq r0, r0, r5 0x00000104: 54410001 strbpl r0, [r1], #-1 0x00000108: 00000001 andeq r0, r0, r1 0x0000010c: 00001000 andeq r1, r0, r0 0x00000110: 00000000 andeq r0, r0, r0 0x00000114: 00000004 andeq r0, r0, r4 0x00000118: 54410002 strbpl r0, [r1], #-2 0x0000011c: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x00000120: 54410001 strbpl r0, [r1], #-1 0x00000124: 00000001 andeq r0, r0, r1 0x00000128: 00001000 andeq r1, r0, r0 0x0000012c: 00000000 andeq r0, r0, r0 0x00000130: 00000004 andeq r0, r0, r4 0x00000134: 54410002 strbpl r0, [r1], #-2 0x00000138: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x0000013c: 00000000 andeq r0, r0, r0 Here the disassembly of 0x120..0x13f is using the data that is in 0x104..0x123. This is caused by passing the wrong value to the read_memory_func(). The intention is that at this point in the loop the 'cap_buf' buffer already contains 'csize' bytes of data for the instruction at guest addr 'pc', and we want to read in an extra 'tsize' bytes. Those extra bytes are therefore at 'pc + csize', not 'pc'. On the first time through the loop 'csize' happens to be zero, so the initial read of 32 bytes into cap_buf is correct and as long as the disassembly never needs to read more data we return the correct information. Use the correct guest address in the call to read_memory_func(). Cc: qemu-stable@nongnu.org Fixes: https://bugs.launchpad.net/qemu/+bug/1900779 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- Note for qemu-stable: in 5.1 this function was in disas.c so the patch won't literally apply to it, but the same change in that file should be correct. --- disas/capstone.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/disas/capstone.c b/disas/capstone.c index 0a9ef9c8927..7462c0e3053 100644 --- a/disas/capstone.c +++ b/disas/capstone.c @@ -286,7 +286,7 @@ bool cap_disas_monitor(disassemble_info *info, uint64_t= pc, int count) =20 /* Make certain that we can make progress. */ assert(tsize !=3D 0); - info->read_memory_func(pc, cap_buf + csize, tsize, info); + info->read_memory_func(pc + csize, cap_buf + csize, tsize, info); csize +=3D tsize; =20 if (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) { --=20 2.20.1