add uc_mem_read_virtual

New api to read from a vaddr. When using the MMU it's useful to direct
read from virtual addresses.

Author: PhilippTakacs

include/uc_priv.h

@@ -80,6 +80,9 @@ typedef bool (*uc_write_mem_t)(AddressSpace *as, hwaddr addr,
 typedef bool (*uc_read_mem_t)(AddressSpace *as, hwaddr addr, uint8_t *buf,
                               int len);
 
+typedef bool (*uc_read_mem_virtual_t)(struct uc_struct *uc, vaddr addr, uc_prot prot, uint8_t *buf,
+                              int len);
+
 typedef MemoryRegion *(*uc_mem_cow_t)(struct uc_struct *uc,
                                       MemoryRegion *current, hwaddr begin,
                                       size_t size);
@@ -276,6 +279,7 @@ struct uc_struct {
 
     uc_write_mem_t write_mem;
     uc_read_mem_t read_mem;
+    uc_read_mem_virtual_t read_mem_virtual;
     uc_mem_cow_t memory_cow;
     uc_args_void_t release;  // release resource when uc_close()
     uc_args_uc_u64_t set_pc; // set PC for tracecode

include/unicorn/unicorn.h

@@ -933,6 +933,26 @@ uc_err uc_mem_write(uc_engine *uc, uint64_t address, const void *bytes,
 UNICORN_EXPORT
 uc_err uc_mem_read(uc_engine *uc, uint64_t address, void *bytes, size_t size);
 
+/*
+ Read a range of bytes in memory after mmu translation.
+
+ @uc:      handle returned by uc_open()
+ @address: starting virtual memory address of bytes to get.
+ @prot:    The access type for the tlb lookup
+ @bytes:   pointer to a variable containing data copied from memory.
+ @size:    size of memory to read.
+
+ NOTE: @bytes must be big enough to contain @size bytes.
+
+ This function will translate the address with the mmu. Therefore all
+ pages needs to be memory mapped with the proper access rights.
+
+ @return UC_ERR_OK on success, or other value on failure (refer to uc_err enum
+   for detailed error).
+*/
+UNICORN_EXPORT
+uc_err uc_mem_read_virtual(uc_engine *uc, uint64_t address, uc_prot prot, void *bytes, size_t size);
+
 /*
  Emulate machine code in a specific duration of time.
 

qemu/unicorn_common.h

@@ -5,6 +5,7 @@
 #include "tcg/tcg.h"
 #include "qemu-common.h"
 #include "exec/memory.h"
+#include "exec/cpu_ldst.h"
 
 // This header define common patterns/codes that will be included in all arch-sepcific
 // codes for unicorns purposes.
@@ -28,6 +29,40 @@ static inline bool cpu_physical_mem_write(AddressSpace *as, hwaddr addr,
     return cpu_physical_memory_rw(as, addr, (void *)buf, len, 1);
 }
 
+static bool cpu_virtual_mem_read(struct uc_struct *uc, vaddr addr, uc_prot prot, uint8_t *buf, int len)
+{
+    MMUAccessType access_type;
+    void *hostptr;
+    int mmu_idx = cpu_mmu_index(uc->cpu->env_ptr, false);
+
+    /*
+     * Only page aligned access is allowed,
+     * because tlb_fill() might change the mappings
+     */
+    assert((addr & TARGET_PAGE_MASK) == ((addr + len) & TARGET_PAGE_MASK));
+
+    switch(prot) {
+    case UC_PROT_READ:
+        access_type = MMU_DATA_LOAD;
+        break;
+    case UC_PROT_WRITE:
+        access_type = MMU_DATA_STORE;
+        break;
+    case UC_PROT_EXEC:
+        access_type = MMU_INST_FETCH;
+        break;
+    default:
+        return false;
+    }
+
+    hostptr = tlb_vaddr_to_host(uc->cpu->env_ptr, addr, access_type, mmu_idx);
+    if (!hostptr) {
+        return false;
+    }
+    memcpy(buf, hostptr, len);
+    return true;
+}
+
 void tb_cleanup(struct uc_struct *uc);
 void free_code_gen_buffer(struct uc_struct *uc);
 
@@ -126,6 +161,7 @@ static inline void uc_common_init(struct uc_struct* uc)
 {
     uc->write_mem = cpu_physical_mem_write;
     uc->read_mem = cpu_physical_mem_read;
+    uc->read_mem_virtual = cpu_virtual_mem_read;
     uc->tcg_exec_init = tcg_exec_init;
     uc->cpu_exec_init_all = cpu_exec_init_all;
     uc->vm_start = vm_start;

uc.c

@@ -773,6 +773,45 @@ static bool check_mem_area(uc_engine *uc, uint64_t address, size_t size)
     return (count == size);
 }
 
+UNICORN_EXPORT
+uc_err uc_mem_read_virtual(uc_engine *uc, uint64_t address, uc_prot prot, void *_bytes, size_t size)
+{
+    size_t count = 0, len;
+    uint8_t *bytes = _bytes;
+    uint64_t align;
+    uint64_t pagesize;
+
+    UC_INIT(uc);
+
+    // qemu cpu_physical_memory_rw() size is an int
+    if (size > INT_MAX) {
+        restore_jit_state(uc);
+        return UC_ERR_ARG;
+    }
+
+    if (!(UC_PROT_READ == prot || UC_PROT_WRITE == prot || UC_PROT_EXEC == prot)) {
+        restore_jit_state(uc);
+        return UC_ERR_ARG;
+    }
+
+    while (count < size) {
+        align = uc->target_page_align;
+        pagesize = uc->target_page_size;
+        len = MIN(size - count, (address & ~align) + pagesize - address);
+        if (!uc->read_mem_virtual(uc, address, prot, bytes, len)) {
+            restore_jit_state(uc);
+            return UC_ERR_READ_UNMAPPED;
+        }
+        bytes += len;
+        address += len;
+        count += len;
+        size -= len;
+    }
+    assert(count == size);
+    restore_jit_state(uc);
+    return UC_ERR_OK;
+}
+
 UNICORN_EXPORT
 uc_err uc_mem_read(uc_engine *uc, uint64_t address, void *_bytes, size_t size)
 {