Merge pull request #6 from schumilo/qemu-nyx-4.2.0

bug fix: don't reuse ram_offset as physical address

nyx/memory_access.c

@@ -167,13 +167,13 @@ bool remap_payload_slot(uint64_t phys_addr, uint32_t slot, CPUState *cpu){
 
     uint32_t i = slot;
 
-    phys_addr = address_to_ram_offset(phys_addr);
+    uint64_t phys_addr_ram_offset = address_to_ram_offset(phys_addr);
 
     QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
         if(!memcmp(block->idstr, "pc.ram", 6)){
             /* TODO: put assert calls here */ 
-            munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE);
+            munmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), x86_64_PAGE_SIZE);
-            mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE));
+            mmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE));
 
             //printf("MMUNMAP: %d\n", munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE));
             //printf("MMAP: %p\n", mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE)));
@@ -205,9 +205,8 @@ bool remap_slot(uint64_t addr, uint32_t slot, CPUState *cpu, int fd, uint64_t sh
             fprintf(stderr, "[QEMU-Nyx] Check if the buffer is present in the guest's memory...\n");
             exit(1);
         }
-
-        phys_addr = address_to_ram_offset(phys_addr);
     }
+    uint64_t phys_addr_ram_offset = address_to_ram_offset(phys_addr);
 
     //printf("phys_addr -> %lx\n", phys_addr);
         
@@ -216,8 +215,8 @@ bool remap_slot(uint64_t addr, uint32_t slot, CPUState *cpu, int fd, uint64_t sh
     QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
         if(!memcmp(block->idstr, "pc.ram", 6)){
             /* TODO: put assert calls here */ 
-            munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE);
+            munmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), x86_64_PAGE_SIZE);
-            mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, (i*x86_64_PAGE_SIZE));
+            mmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, (i*x86_64_PAGE_SIZE));
 
             //printf("MMUNMAP: %d\n", munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE));
             //printf("MMAP: %p\n", mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, (i*x86_64_PAGE_SIZE)));
@@ -239,14 +238,14 @@ bool remap_payload_slot_protected(uint64_t phys_addr, uint32_t slot, CPUState *c
 
     uint32_t i = slot;
 
-    phys_addr = address_to_ram_offset(phys_addr);
+    uint64_t phys_addr_ram_offset = address_to_ram_offset(phys_addr);
 
     QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
         if(!memcmp(block->idstr, "pc.ram", 6)){
 
             /* TODO: put assert calls here */ 
-            munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE);
+            munmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), x86_64_PAGE_SIZE);
-            mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ , MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE));
+            mmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), 0x1000, PROT_READ , MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE));
 
             //printf("MMUNMAP: %d\n", munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE));
             //printf("MMAP: %p\n", mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ , MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE)));
@@ -296,28 +295,28 @@ bool remap_payload_buffer(uint64_t virt_guest_addr, CPUState *cpu){
 
         assert(phys_addr != INVALID_ADDRESS);
 
-        phys_addr = address_to_ram_offset(phys_addr);
+        uint64_t phys_addr_ram_offset = address_to_ram_offset(phys_addr);
 
         QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
             if(!memcmp(block->idstr, "pc.ram", 6)){
                 //printf("MMUNMAP: %d\n", munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE));
-                if(munmap((void*)(((uint64_t)block->host) + phys_addr), x86_64_PAGE_SIZE) == -1){
+                if(munmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), x86_64_PAGE_SIZE) == -1){
                     fprintf(stderr, "munmap failed!\n");
                     //exit(1);
                     assert(false);
                 }
                 //printf("MMAP: %lx\n", mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE)));
 
-                if(mmap((void*)(((uint64_t)block->host) + phys_addr), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE)) == MAP_FAILED){
+                if(mmap((void*)(((uint64_t)block->host) + phys_addr_ram_offset), 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, GET_GLOBAL_STATE()->shared_payload_buffer_fd, (i*x86_64_PAGE_SIZE)) == MAP_FAILED){
                     fprintf(stderr, "mmap failed!\n");
                     //exit(1);
                     assert(false);
                 }
 
-                memset((block->host) + phys_addr, 0xab, 0x1000);
+                memset((block->host) + phys_addr_ram_offset, 0xab, 0x1000);
 
                 if(GET_GLOBAL_STATE()->protect_payload_buffer){
-                    mprotect((block->host) + phys_addr, 0x1000, PROT_READ);
+                    mprotect((block->host) + phys_addr_ram_offset, 0x1000, PROT_READ);
                 }
 
                 fast_reload_blacklist_page(get_fast_reload_snapshot(), phys_addr);