add uc_virtuall_to_physical

this allows to lookup the mmu state of uc

Author: PhilippTakacs

include/uc_priv.h

@@ -83,6 +83,9 @@ typedef bool (*uc_read_mem_t)(AddressSpace *as, hwaddr addr, uint8_t *buf,
 typedef bool (*uc_read_mem_virtual_t)(struct uc_struct *uc, vaddr addr,
                                       uint32_t prot, uint8_t *buf, int len);
 
+typedef bool (*uc_virtual_to_physical_t)(struct uc_struct *uc, vaddr addr,
+                                      uint32_t prot, uint64_t *res);
+
 typedef MemoryRegion *(*uc_mem_cow_t)(struct uc_struct *uc,
                                       MemoryRegion *current, hwaddr begin,
                                       size_t size);
@@ -280,6 +283,7 @@ struct uc_struct {
     uc_write_mem_t write_mem;
     uc_read_mem_t read_mem;
     uc_read_mem_virtual_t read_mem_virtual;
+    uc_virtual_to_physical_t virtual_to_physical;
     uc_mem_cow_t memory_cow;
     uc_args_void_t release;  // release resource when uc_close()
     uc_args_uc_u64_t set_pc; // set PC for tracecode

include/unicorn/unicorn.h

@@ -954,6 +954,21 @@ UNICORN_EXPORT
 uc_err uc_mem_read_virtual(uc_engine *uc, uint64_t address, uint32_t prot,
                            void *bytes, size_t size);
 
+/*
+ Translate a virtuall address to a physical address
+
+ @uc:
+ @address:  virtual address to translate
+ @prot:     The access type for the tlb lookup
+ @paddress: A pointer to store the result
+
+ @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum
+   for detailed error).
+*/
+UNICORN_EXPORT
+uc_err uc_virtual_to_physical(uc_engine *uc, uint64_t address, uint32_t prot,
+                              uint64_t *paddress);
+
 /*
  Emulate machine code in a specific duration of time.
 

qemu/aarch64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_aarch64
 #define probe_access probe_access_aarch64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_aarch64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_aarch64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_aarch64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_aarch64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_aarch64

qemu/accel/tcg/cputlb.c

@@ -1296,6 +1296,53 @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
     return (void *)((uintptr_t)addr + entry->addend);
 }
 
+bool tlb_vaddr_to_paddr(CPUArchState *env, abi_ptr addr,
+                        MMUAccessType access_type, int mmu_idx, target_ulong *paddr)
+{
+    struct uc_struct *uc = env->uc;
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+    target_ulong tlb_addr, page;
+    size_t elt_ofs = 0;
+
+    switch (access_type) {
+    case MMU_DATA_LOAD:
+        elt_ofs = offsetof(CPUTLBEntry, addr_read);
+        break;
+    case MMU_DATA_STORE:
+        elt_ofs = offsetof(CPUTLBEntry, addr_write);
+        break;
+    case MMU_INST_FETCH:
+        elt_ofs = offsetof(CPUTLBEntry, addr_code);
+        break;
+    default:
+        g_assert_not_reached();
+    }
+
+    page = addr & TARGET_PAGE_MASK;
+    tlb_addr = tlb_read_ofs(entry, elt_ofs);
+
+    if (!tlb_hit_page(uc, tlb_addr, page)) {
+        uintptr_t index = tlb_index(env, mmu_idx, addr);
+
+        if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page)) {
+            CPUState *cs = env_cpu(env);
+            CPUClass *cc = CPU_GET_CLASS(cs);
+
+            if (!cc->tlb_fill(cs, addr, 0, access_type, mmu_idx, true, 0)) {
+                /* Non-faulting page table read failed.  */
+                return false;
+            }
+
+            /* TLB resize via tlb_fill may have moved the entry.  */
+            entry = tlb_entry(env, mmu_idx, addr);
+        }
+        tlb_addr = tlb_read_ofs(entry, elt_ofs);
+    }
+
+    *paddr = entry->paddr | (addr & ~TARGET_PAGE_MASK);
+    return true;
+}
+
 void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
                         MMUAccessType access_type, int mmu_idx)
 {

qemu/arm.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_arm
 #define probe_access probe_access_arm
 #define tlb_vaddr_to_host tlb_vaddr_to_host_arm
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_arm
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_arm
 #define helper_le_lduw_mmu helper_le_lduw_mmu_arm
 #define helper_be_lduw_mmu helper_be_lduw_mmu_arm

qemu/include/exec/cpu_ldst.h

@@ -168,4 +168,22 @@ static inline int cpu_ldsw_code(CPUArchState *env, abi_ptr addr)
 void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
                         MMUAccessType access_type, int mmu_idx);
 
+
+/**
+ * tlb_vaddr_to_paddr:
+ * @env: CPUArchState
+ * @addr: guest virtual address to look up
+ * @access_type: 0 for read, 1 for write, 2 for execute
+ * @mmu_idx: MMU index to use for lookup
+ * @paddr: pointer to store the physical address
+ *
+ * Look up the specified guest virtual index in the TCG softmmu TLB.
+ * If we can translate a host virtual address to a host physical address,
+ * without causing a guest exception, then save the physical address in
+ * paddr pointer.
+ *
+ * Returns true when posible to translate, otherwhise false
+ */
+bool tlb_vaddr_to_paddr(CPUArchState *env, abi_ptr addr,
+		        MMUAccessType access_type, int mmu_idx, target_ulong *paddr);
 #endif /* CPU_LDST_H */

qemu/m68k.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_m68k
 #define probe_access probe_access_m68k
 #define tlb_vaddr_to_host tlb_vaddr_to_host_m68k
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_m68k
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_m68k
 #define helper_le_lduw_mmu helper_le_lduw_mmu_m68k
 #define helper_be_lduw_mmu helper_be_lduw_mmu_m68k

qemu/mips.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_mips
 #define probe_access probe_access_mips
 #define tlb_vaddr_to_host tlb_vaddr_to_host_mips
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_mips
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_mips
 #define helper_le_lduw_mmu helper_le_lduw_mmu_mips
 #define helper_be_lduw_mmu helper_be_lduw_mmu_mips

qemu/mips64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_mips64
 #define probe_access probe_access_mips64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_mips64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_mips64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_mips64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_mips64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_mips64

qemu/mips64el.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_mips64el
 #define probe_access probe_access_mips64el
 #define tlb_vaddr_to_host tlb_vaddr_to_host_mips64el
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_mips64el
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_mips64el
 #define helper_le_lduw_mmu helper_le_lduw_mmu_mips64el
 #define helper_be_lduw_mmu helper_be_lduw_mmu_mips64el

qemu/mipsel.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_mipsel
 #define probe_access probe_access_mipsel
 #define tlb_vaddr_to_host tlb_vaddr_to_host_mipsel
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_mipsel
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_mipsel
 #define helper_le_lduw_mmu helper_le_lduw_mmu_mipsel
 #define helper_be_lduw_mmu helper_be_lduw_mmu_mipsel

qemu/ppc.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_ppc
 #define probe_access probe_access_ppc
 #define tlb_vaddr_to_host tlb_vaddr_to_host_ppc
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_ppc
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_ppc
 #define helper_le_lduw_mmu helper_le_lduw_mmu_ppc
 #define helper_be_lduw_mmu helper_be_lduw_mmu_ppc

qemu/ppc64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_ppc64
 #define probe_access probe_access_ppc64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_ppc64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_ppc64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_ppc64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_ppc64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_ppc64

qemu/riscv32.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_riscv32
 #define probe_access probe_access_riscv32
 #define tlb_vaddr_to_host tlb_vaddr_to_host_riscv32
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_riscv32
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_riscv32
 #define helper_le_lduw_mmu helper_le_lduw_mmu_riscv32
 #define helper_be_lduw_mmu helper_be_lduw_mmu_riscv32

qemu/riscv64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_riscv64
 #define probe_access probe_access_riscv64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_riscv64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_riscv64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_riscv64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_riscv64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_riscv64

qemu/s390x.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_s390x
 #define probe_access probe_access_s390x
 #define tlb_vaddr_to_host tlb_vaddr_to_host_s390x
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_s390x
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_s390x
 #define helper_le_lduw_mmu helper_le_lduw_mmu_s390x
 #define helper_be_lduw_mmu helper_be_lduw_mmu_s390x

qemu/sparc.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_sparc
 #define probe_access probe_access_sparc
 #define tlb_vaddr_to_host tlb_vaddr_to_host_sparc
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_sparc
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_sparc
 #define helper_le_lduw_mmu helper_le_lduw_mmu_sparc
 #define helper_be_lduw_mmu helper_be_lduw_mmu_sparc

qemu/sparc64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_sparc64
 #define probe_access probe_access_sparc64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_sparc64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_sparc64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_sparc64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_sparc64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_sparc64

qemu/tricore.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_tricore
 #define probe_access probe_access_tricore
 #define tlb_vaddr_to_host tlb_vaddr_to_host_tricore
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_tricore
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_tricore
 #define helper_le_lduw_mmu helper_le_lduw_mmu_tricore
 #define helper_be_lduw_mmu helper_be_lduw_mmu_tricore

qemu/unicorn_common.h

@@ -63,6 +63,34 @@ static bool cpu_virtual_mem_read(struct uc_struct *uc, vaddr addr, uint32_t prot
     return true;
 }
 
+static bool cpu_virtual_to_physical(struct uc_struct *uc, vaddr addr, uint32_t prot, uint64_t *paddr)
+{
+    target_ulong res;
+    MMUAccessType access_type;
+    int mmu_idx = cpu_mmu_index(uc->cpu->env_ptr, false);
+
+    switch(prot) {
+    case UC_PROT_READ:
+        access_type = MMU_DATA_LOAD;
+        break;
+    case UC_PROT_WRITE:
+        access_type = MMU_DATA_STORE;
+        break;
+    case UC_PROT_EXEC:
+        access_type = MMU_INST_FETCH;
+        break;
+    default:
+        return false;
+    }
+
+    if (!tlb_vaddr_to_paddr(uc->cpu->env_ptr, addr, access_type, mmu_idx, &res)) {
+        return false;
+    }
+
+    *paddr = res;
+    return true;
+}
+
 void tb_cleanup(struct uc_struct *uc);
 void free_code_gen_buffer(struct uc_struct *uc);
 
@@ -162,6 +190,7 @@ static inline void uc_common_init(struct uc_struct* uc)
     uc->write_mem = cpu_physical_mem_write;
     uc->read_mem = cpu_physical_mem_read;
     uc->read_mem_virtual = cpu_virtual_mem_read;
+    uc->virtual_to_physical = cpu_virtual_to_physical;
     uc->tcg_exec_init = tcg_exec_init;
     uc->cpu_exec_init_all = cpu_exec_init_all;
     uc->vm_start = vm_start;

qemu/x86_64.h

@@ -796,6 +796,7 @@
 #define get_page_addr_code get_page_addr_code_x86_64
 #define probe_access probe_access_x86_64
 #define tlb_vaddr_to_host tlb_vaddr_to_host_x86_64
+#define tlb_vaddr_to_paddr tlb_vaddr_to_paddr_x86_64
 #define helper_ret_ldub_mmu helper_ret_ldub_mmu_x86_64
 #define helper_le_lduw_mmu helper_le_lduw_mmu_x86_64
 #define helper_be_lduw_mmu helper_be_lduw_mmu_x86_64

symbols.sh

@@ -796,6 +796,7 @@ get_page_addr_code_hostp \
 get_page_addr_code \
 probe_access \
 tlb_vaddr_to_host \
+tlb_vaddr_to_paddr \
 helper_ret_ldub_mmu \
 helper_le_lduw_mmu \
 helper_be_lduw_mmu \

tests/unit/test_mem.c

@@ -449,6 +449,31 @@ static void test_snapshot_unmap(void)
     OK(uc_close(uc));
 }
 
+static bool test_v2p_tlb_fill(uc_engine *uc, uint64_t addr, uc_mem_type type,
+                               uc_tlb_entry *result, void *user_data)               
+{
+    if (type != UC_MEM_READ)
+        return false;
+    result->paddr = addr;
+    result->perms = UC_PROT_READ;
+    return true;
+}
+
+static void test_virtual_to_physical(void)
+{
+    uc_engine *uc;
+    uc_hook hook;
+    uint64_t res;
+
+    OK(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
+    OK(uc_ctl_tlb_mode(uc, UC_TLB_VIRTUAL));
+    OK(uc_hook_add(uc, &hook, UC_HOOK_TLB_FILL, test_v2p_tlb_fill, NULL, 1, 0));
+
+    OK(uc_virtual_to_physical(uc, 0x1000, UC_PROT_READ, &res));
+    uc_assert_err(UC_ERR_WRITE_PROT,
+                  uc_virtual_to_physical(uc, 0x1000, UC_PROT_WRITE, &res));
+}
+
 TEST_LIST = {{"test_map_correct", test_map_correct},
              {"test_map_wrapping", test_map_wrapping},
              {"test_mem_protect", test_mem_protect},
@@ -464,4 +489,5 @@ TEST_LIST = {{"test_map_correct", test_map_correct},
              {"test_snapshot_with_vtlb", test_snapshot_with_vtlb},
              {"test_context_snapshot", test_context_snapshot},
              {"test_snapshot_unmap", test_snapshot_unmap},
+             {"test_virtual_to_physical", test_virtual_to_physical},
              {NULL, NULL}};

uc.c

@@ -773,6 +773,39 @@ static bool check_mem_area(uc_engine *uc, uint64_t address, size_t size)
     return (count == size);
 }
 
+uc_err uc_virtual_to_physical(uc_engine *uc, uint64_t address, uc_prot prot,
+                              uint64_t *paddress)
+{
+    UC_INIT(uc);
+
+    if (!(UC_PROT_READ == prot || UC_PROT_WRITE == prot ||
+          UC_PROT_EXEC == prot)) {
+        restore_jit_state(uc);
+        return UC_ERR_ARG;
+    }
+
+    // The sparc mmu doesn't support probe mode
+    if (uc->arch == UC_ARCH_SPARC && uc->cpu->cc->tlb_fill == uc->cpu->cc->tlb_fill_cpu) {
+        restore_jit_state(uc);
+        return UC_ERR_ARG;
+    }
+
+    if (!uc->virtual_to_physical(uc, address, prot, paddress)) {
+        restore_jit_state(uc);
+        switch (prot) {
+        case UC_PROT_READ:
+            return UC_ERR_READ_PROT;
+        case UC_PROT_WRITE:
+            return UC_ERR_WRITE_PROT;
+        case UC_PROT_EXEC:
+            return UC_ERR_FETCH_PROT;
+        }
+    }
+
+    restore_jit_state(uc);
+    return UC_ERR_OK;
+}
+
 UNICORN_EXPORT
 uc_err uc_mem_read_virtual(uc_engine *uc, uint64_t address, uc_prot prot,
                            void *_bytes, size_t size)