Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unicorn 2.1.0: UC_ERR_READ_UNMAPPED when using high virtual addresses #2010

Open
Antelox opened this issue Sep 25, 2024 · 3 comments
Open

Unicorn 2.1.0: UC_ERR_READ_UNMAPPED when using high virtual addresses #2010

Antelox opened this issue Sep 25, 2024 · 3 comments

Comments

@Antelox
Copy link
Contributor

Antelox commented Sep 25, 2024

Hi,

Since the 2.1.0 release, I've been observing a crash happening while using very high virtual addresses.

Below a snippet that reproduces the issue:

from unicorn import Uc
from unicorn.unicorn_const import UC_ARCH_X86, UC_MODE_64
from unicorn.x86_const import UC_X86_REG_RAX

u = Uc(UC_ARCH_X86, UC_MODE_64)
u.mem_map(0x30000000000000, 0x1000)
u.mem_write(0x30000000000000, b'\x31\x32\x33\x34\x35\x36\x37\x38')
print(u.mem_read(0x30000000000000, 8))
u.reg_write(UC_X86_REG_RAX, 0x30000000000000)
print(hex(u.reg_read(UC_X86_REG_RAX)))
u.mem_map(0x200000, 0x1000)
u.mem_write(0x200000, b'\x48\x8b\x00') # mov rax, [rax]
u.emu_start(0x200000, 0x200003)
print(hex(u.reg_read(UC_X86_REG_RAX)))

The crash is this:

unicorn.unicorn_py3.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

The same code works fine with the version 2.0.1.post1

Digging among the many changes from a release to the other, I have seen the introduction of a uc_ctl called TLB_MODE (https://github.com/unicorn-engine/unicorn/blob/master/docs/FAQ.md#is-there-anyway-to-disable-softmmu-to-speed-up-execution).

Setting it to VIRTUAL solves the issue but I'm not totally sure if this is proper fix or just a side effect.

Any ideas? Thanks in advance!
@PhilippTakacs
Copy link
Contributor

Setting it to VIRTUAL solves the issue but I'm not totally sure if this is proper fix or just a side effect.

Yes this is the proper fix.

With this release unicorn enables the softmmu of qemu and defaults to the mmu of the emulated target. By default the mmu of X86 only allows access to a limit part of the address space. To use the full virtual address space you can either configure the mmu of your emulation target or use the virtual mmu with by default does a 1:1 mapping.

@wtdcode
Copy link
Member

wtdcode commented Oct 3, 2024
edited
Loading

Quick debugging shows that we by default don't enable long mode, which is the root cause.

The root cause is that, long mode is enabled while paging is disabled. This is indeed resulting a 1:1 mapping but note x86_64 only supports 52 bits of physical memory space while the address you are accessing is 54 bits. Therefore, it's a limitation of x86_64 MMU implementation.

I tried to simply extend the mask to 64bits (physical memory address) and this works, but I have no idea if this has further side effects. The best workaround so far is using a lower address or vtlb mode as said above.

@Antelox
Copy link
Contributor Author

Antelox commented Oct 6, 2024

Hi, Thanks a lot to both of you for the explanation! In short I need to enable the VIRTUAL mode as reported in my first comment. I will do it and report issues, should I find any of them (Hopefully not :P ), so far so good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Antelox @wtdcode @PhilippTakacs