implement uc_mem_unmap with snapshots

still has todos and need tests

Author: PhilippTakacs

include/uc_priv.h

@@ -289,6 +289,8 @@ struct uc_struct {
     uc_memory_mapping_t memory_mapping;
     uc_memory_filter_t memory_filter_subregions;
     uc_mem_unmap_t memory_unmap;
+    uc_mem_unmap_t memory_moveout;
+    uc_mem_unmap_t memory_movein;
     uc_readonly_mem_t readonly_mem;
     uc_cpus_init cpus_init;
     uc_target_page_init target_page;
@@ -412,6 +414,7 @@ struct uc_struct {
     PVOID seh_handle;
     void *seh_closure;
 #endif
+    GArray *unmapped_regions;
     int32_t snapshot_level;
 };
 

qemu/aarch64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_aarch64
 #define memory_cow memory_cow_aarch64
 #define memory_unmap memory_unmap_aarch64
+#define memory_moveout memory_moveout_aarch64
+#define memory_movein memory_movein_aarch64
 #define memory_free memory_free_aarch64
 #define flatview_unref flatview_unref_aarch64
 #define address_space_get_flatview address_space_get_flatview_aarch64

qemu/arm.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_arm
 #define memory_cow memory_cow_arm
 #define memory_unmap memory_unmap_arm
+#define memory_moveout memory_moveout_arm
+#define memory_movein memory_movein_arm
 #define memory_free memory_free_arm
 #define flatview_unref flatview_unref_arm
 #define address_space_get_flatview address_space_get_flatview_arm

qemu/include/exec/memory.h

@@ -1217,6 +1217,8 @@ MemoryRegion *memory_map_ptr(struct uc_struct *uc, hwaddr begin, size_t size, ui
                              uc_cb_mmio_write_t write_cb, void *user_data_read, void *user_data_write);
 MemoryRegion *memory_cow(struct uc_struct *uc, MemoryRegion *parrent, hwaddr begin, size_t size);
 void memory_unmap(struct uc_struct *uc, MemoryRegion *mr);
+void memory_moveout(struct uc_struct *uc, MemoryRegion *mr);
+void memory_movein(struct uc_struct *uc, MemoryRegion *mr);
 int memory_free(struct uc_struct *uc);
 
 #endif

qemu/m68k.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_m68k
 #define memory_cow memory_cow_m68k
 #define memory_unmap memory_unmap_m68k
+#define memory_moveout memory_moveout_m68k
+#define memory_movein memory_movein_m68k
 #define memory_free memory_free_m68k
 #define flatview_unref flatview_unref_m68k
 #define address_space_get_flatview address_space_get_flatview_m68k

qemu/mips.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_mips
 #define memory_cow memory_cow_mips
 #define memory_unmap memory_unmap_mips
+#define memory_moveout memory_moveout_mips
+#define memory_movein memory_movein_mips
 #define memory_free memory_free_mips
 #define flatview_unref flatview_unref_mips
 #define address_space_get_flatview address_space_get_flatview_mips

qemu/mips64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_mips64
 #define memory_cow memory_cow_mips64
 #define memory_unmap memory_unmap_mips64
+#define memory_moveout memory_moveout_mips64
+#define memory_movein memory_movein_mips64
 #define memory_free memory_free_mips64
 #define flatview_unref flatview_unref_mips64
 #define address_space_get_flatview address_space_get_flatview_mips64

qemu/mips64el.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_mips64el
 #define memory_cow memory_cow_mips64el
 #define memory_unmap memory_unmap_mips64el
+#define memory_moveout memory_moveout_mips64el
+#define memory_movein memory_movein_mips64el
 #define memory_free memory_free_mips64el
 #define flatview_unref flatview_unref_mips64el
 #define address_space_get_flatview address_space_get_flatview_mips64el

qemu/mipsel.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_mipsel
 #define memory_cow memory_cow_mipsel
 #define memory_unmap memory_unmap_mipsel
+#define memory_moveout memory_moveout_mipsel
+#define memory_movein memory_movein_mipsel
 #define memory_free memory_free_mipsel
 #define flatview_unref flatview_unref_mipsel
 #define address_space_get_flatview address_space_get_flatview_mipsel

qemu/ppc.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_ppc
 #define memory_cow memory_cow_ppc
 #define memory_unmap memory_unmap_ppc
+#define memory_moveout memory_moveout_ppc
+#define memory_movein memory_movein_ppc
 #define memory_free memory_free_ppc
 #define flatview_unref flatview_unref_ppc
 #define address_space_get_flatview address_space_get_flatview_ppc

qemu/ppc64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_ppc64
 #define memory_cow memory_cow_ppc64
 #define memory_unmap memory_unmap_ppc64
+#define memory_moveout memory_moveout_ppc64
+#define memory_movein memory_movein_ppc64
 #define memory_free memory_free_ppc64
 #define flatview_unref flatview_unref_ppc64
 #define address_space_get_flatview address_space_get_flatview_ppc64

qemu/riscv32.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_riscv32
 #define memory_cow memory_cow_riscv32
 #define memory_unmap memory_unmap_riscv32
+#define memory_moveout memory_moveout_riscv32
+#define memory_movein memory_movein_riscv32
 #define memory_free memory_free_riscv32
 #define flatview_unref flatview_unref_riscv32
 #define address_space_get_flatview address_space_get_flatview_riscv32

qemu/riscv64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_riscv64
 #define memory_cow memory_cow_riscv64
 #define memory_unmap memory_unmap_riscv64
+#define memory_moveout memory_moveout_riscv64
+#define memory_movein memory_movein_riscv64
 #define memory_free memory_free_riscv64
 #define flatview_unref flatview_unref_riscv64
 #define address_space_get_flatview address_space_get_flatview_riscv64

qemu/s390x.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_s390x
 #define memory_cow memory_cow_s390x
 #define memory_unmap memory_unmap_s390x
+#define memory_moveout memory_moveout_s390x
+#define memory_movein memory_movein_s390x
 #define memory_free memory_free_s390x
 #define flatview_unref flatview_unref_s390x
 #define address_space_get_flatview address_space_get_flatview_s390x

qemu/softmmu/memory.c

@@ -208,10 +208,38 @@ void memory_region_filter_subregions(MemoryRegion *mr, int32_t level)
     memory_region_transaction_commit(mr);
 }
 
-void memory_unmap(struct uc_struct *uc, MemoryRegion *mr)
+static void memory_region_remove_mapped_block(struct uc_struct *uc, MemoryRegion *mr, bool free)
+{
+    size_t i;
+    for (i = 0; i < uc->mapped_block_count; i++) {
+        if (uc->mapped_blocks[i] == mr) {
+            uc->mapped_block_count--;
+            //shift remainder of array down over deleted pointer
+            memmove(&uc->mapped_blocks[i], &uc->mapped_blocks[i + 1], sizeof(MemoryRegion*) * (uc->mapped_block_count - i));
+            if (free) {
+                mr->destructor(mr);
+                g_free(mr);
+            }
+            break;
+        }
+    }
+}
+
+void memory_moveout(struct uc_struct *uc, MemoryRegion *mr)
 {
-    int i;
     hwaddr addr;
+    /* A bit dirty, but it works.
+     * The first subregion will be the one with the smalest priority.
+     * In case of CoW this will always be the region which is mapped initial and later be moved in the subregion of the container.
+     * The initial subregion is the one stored in mapped_blocks
+     * Because CoW is done after the snapshot level is increased there is only on subregion with 
+     */
+    memory_region_transaction_begin();
+    MemoryRegion *mr_block = QTAILQ_FIRST(&mr->subregions);
+
+    if (!mr_block) {
+        mr_block = mr;
+    }
 
     if (uc->cpu) {
         // We also need to remove all tb cache
@@ -223,18 +251,40 @@ void memory_unmap(struct uc_struct *uc, MemoryRegion *mr)
            tlb_flush_page(uc->cpu, addr);
         }
     }
+
     memory_region_del_subregion(uc->system_memory, mr);
+    g_array_append_val(uc->unmapped_regions, mr);
+    memory_region_remove_mapped_block(uc, mr_block, false);
+    uc->memory_region_update_pending = true;
+    memory_region_transaction_commit(uc->system_memory);
+    /* dirty hack to save the snapshot level */
+    mr->container = (void *)(intptr_t)uc->snapshot_level;
+}
 
-    for (i = 0; i < uc->mapped_block_count; i++) {
-        if (uc->mapped_blocks[i] == mr) {
-            uc->mapped_block_count--;
-            //shift remainder of array down over deleted pointer
-            memmove(&uc->mapped_blocks[i], &uc->mapped_blocks[i + 1], sizeof(MemoryRegion*) * (uc->mapped_block_count - i));
-            mr->destructor(mr);
-            g_free(mr);
-            break;
+void memory_movein(struct uc_struct *uc, MemoryRegion *mr)
+{
+    memory_region_transaction_begin();
+    memory_region_add_subregion_overlap(uc->system_memory, mr->addr, mr, mr->priority);
+    uc->memory_region_update_pending = true;
+    memory_region_transaction_commit(uc->system_memory);
+}
+
+void memory_unmap(struct uc_struct *uc, MemoryRegion *mr)
+{
+    hwaddr addr;
+
+    if (uc->cpu) {
+        // We also need to remove all tb cache
+        uc->uc_invalidate_tb(uc, mr->addr, int128_get64(mr->size));
+
+        // Make sure all pages associated with the MemoryRegion are flushed
+        // Only need to do this if we are in a running state
+        for (addr = mr->addr; (int64_t)(mr->end - addr) > 0; addr += uc->target_page_size) {
+           tlb_flush_page(uc->cpu, addr);
         }
     }
+    memory_region_del_subregion(uc->system_memory, mr);
+    memory_region_remove_mapped_block(uc, mr, true);
 }
 
 int memory_free(struct uc_struct *uc)

qemu/sparc.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_sparc
 #define memory_cow memory_cow_sparc
 #define memory_unmap memory_unmap_sparc
+#define memory_moveout memory_moveout_sparc
+#define memory_movein memory_movein_sparc
 #define memory_free memory_free_sparc
 #define flatview_unref flatview_unref_sparc
 #define address_space_get_flatview address_space_get_flatview_sparc

qemu/sparc64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_sparc64
 #define memory_cow memory_cow_sparc64
 #define memory_unmap memory_unmap_sparc64
+#define memory_moveout memory_moveout_sparc64
+#define memory_movein memory_movein_sparc64
 #define memory_free memory_free_sparc64
 #define flatview_unref flatview_unref_sparc64
 #define address_space_get_flatview address_space_get_flatview_sparc64

qemu/tricore.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_tricore
 #define memory_cow memory_cow_tricore
 #define memory_unmap memory_unmap_tricore
+#define memory_moveout memory_moveout_tricore
+#define memory_movein memory_movein_tricore
 #define memory_free memory_free_tricore
 #define flatview_unref flatview_unref_tricore
 #define address_space_get_flatview address_space_get_flatview_tricore

qemu/unicorn_common.h

@@ -130,6 +130,8 @@ static inline void uc_common_init(struct uc_struct* uc)
     uc->memory_map = memory_map;
     uc->memory_map_ptr = memory_map_ptr;
     uc->memory_unmap = memory_unmap;
+    uc->memory_moveout = memory_moveout;
+    uc->memory_movein = memory_movein;
     uc->readonly_mem = memory_region_set_readonly;
     uc->target_page = target_page_init;
     uc->softfloat_initialize = softfloat_init;

qemu/x86_64.h

@@ -125,6 +125,8 @@
 #define memory_map_ptr memory_map_ptr_x86_64
 #define memory_cow memory_cow_x86_64
 #define memory_unmap memory_unmap_x86_64
+#define memory_moveout memory_moveout_x86_64
+#define memory_movein memory_movein_x86_64
 #define memory_free memory_free_x86_64
 #define flatview_unref flatview_unref_x86_64
 #define address_space_get_flatview address_space_get_flatview_x86_64

symbols.sh

@@ -125,6 +125,8 @@ memory_map_io \
 memory_map_ptr \
 memory_cow \
 memory_unmap \
+memory_moveout \
+memory_movein \
 memory_free \
 flatview_unref \
 address_space_get_flatview \

tests/unit/test_mem.c

@@ -346,6 +346,39 @@ static void test_context_snapshot(void)
     OK(uc_close(uc));
 }
 
+static void test_snapshot_unmap(void)
+{
+    uc_engine *uc;
+    uc_context *ctx;
+    uint64_t tmp;
+
+    OK(uc_open(UC_ARCH_X86, UC_MODE_64, &uc));
+    OK(uc_ctl_context_mode(uc, UC_CTL_CONTEXT_MEMORY|UC_CTL_CONTEXT_CPU));
+    OK(uc_mem_map(uc, 0x1000, 0x2000, UC_PROT_ALL));
+
+    tmp = 1;
+    OK(uc_mem_write(uc, 0x1000, &tmp, sizeof(tmp)));
+    tmp = 2;
+    OK(uc_mem_write(uc, 0x2000, &tmp, sizeof(tmp)));
+
+    OK(uc_context_alloc(uc, &ctx));
+    OK(uc_context_save(uc, ctx));
+
+    uc_assert_err(UC_ERR_ARG, uc_mem_unmap(uc, 0x1000, 0x1000));
+    OK(uc_mem_unmap(uc, 0x1000, 0x2000));
+    uc_assert_err(UC_ERR_READ_UNMAPPED, uc_mem_read(uc, 0x1000, &tmp, sizeof(tmp)));
+    uc_assert_err(UC_ERR_READ_UNMAPPED, uc_mem_read(uc, 0x2000, &tmp, sizeof(tmp)));
+
+    OK(uc_context_restore(uc, ctx));
+    OK(uc_mem_read(uc, 0x1000, &tmp, sizeof(tmp)));
+    TEST_CHECK(tmp == 1);
+    OK(uc_mem_read(uc, 0x2000, &tmp, sizeof(tmp)));
+    TEST_CHECK(tmp == 2);
+
+    OK(uc_context_free(ctx));
+    OK(uc_close(uc));
+}
+
 TEST_LIST = {{"test_map_correct", test_map_correct},
              {"test_map_wrapping", test_map_wrapping},
              {"test_mem_protect", test_mem_protect},
@@ -359,4 +392,5 @@ TEST_LIST = {{"test_map_correct", test_map_correct},
              {"test_mem_protect_mmio", test_mem_protect_mmio},
              {"test_snapshot", test_snapshot},
              {"test_context_snapshot", test_context_snapshot},
+             {"test_snapshot_unmap", test_snapshot_unmap},
              {NULL, NULL}};