add unicorn dependency as submodule; remove modified tbs from cache d…

…uring emulation
Fraunhofer-AISEC · May 9, 2023 · efb1106 · efb1106
1 parent 1dcf389
commit efb1106
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 4 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -42,4 +42,5 @@ jobs:
           args: --all --manifest-path ./emulation_worker/Cargo.toml -- --check
       - run: |
           cd emulation_worker
+          git submodule update --init unicorn
           cargo clippy -- -D warnings
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "qemu"]
 	path = qemu
 	url = https://github.com/Fraunhofer-AISEC/archie-qemu.git
+[submodule "emulation_worker/unicorn"]
+	path = emulation_worker/unicorn
+	url = https://github.com/unicorn-engine/unicorn.git
diff --git a/emulation_worker/Cargo.lock b/emulation_worker/Cargo.lock
diff --git a/emulation_worker/Cargo.toml b/emulation_worker/Cargo.toml
@@ -2,6 +2,8 @@
 name = "emulation_worker"
 version = "0.1.0"
 edition = "2021"
+authors = ["Kevin Schneider"]
+license = "Apache-2.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [lib]
@@ -10,7 +12,7 @@ crate-type = ["cdylib"]
 
 [dependencies]
 pyo3 = { version = "0.17.3", features = ["extension-module"] }
-unicorn-engine = "2.0.0"
+unicorn-engine = { path = "./unicorn" }
 num = "0.4.0"
 priority-queue = "1.3.1"
 capstone = "0.11.0"

diff --git a/emulation_worker/src/hooks.rs b/emulation_worker/src/hooks.rs
@@ -211,6 +211,12 @@ fn fault_hook_cb(uc: &mut Unicorn<'_, ()>, address: u64, _size: u32, state: &Arc
             fault_data.extend(std::iter::repeat(0).take(fault_size as usize - fault_data.len()));
             uc.mem_write(fault.address, fault_data.as_slice())
                 .expect("failed writing fault data to memory");
+            if matches!(fault.kind, FaultType::Instruction) {
+                // We need to remove the tb containing the modified instructions from the cache
+                // since they might not have any effect otherwise
+                uc.ctl_remove_cache(fault.address, fault.address + fault_size as u64)
+                    .unwrap();
+            }
             dump_memory(
                 uc,
                 fault.address,

diff --git a/emulation_worker/src/hooks/util.rs b/emulation_worker/src/hooks/util.rs
@@ -95,6 +95,14 @@ pub fn undo_faults(
         FaultType::Data | FaultType::Instruction => {
             uc.mem_write(fault.address, prefault_data.to_bytes_le().as_slice())
                 .expect("failed restoring memory value");
+            if matches!(fault.kind, FaultType::Instruction) {
+                //uc.ctl_arg_2(UC_CTL_TB_REMOVE_CACHE | UC_CTL_IO_WRITE, unsafe { std::mem::transmute::<u64, *mut c_void>(address) }, unsafe { std::mem::transmute::<u64, *mut c_void>(fault.address + prefault_data.to_bytes_le().len() as u64) }).unwrap();
+                uc.ctl_remove_cache(
+                    fault.address,
+                    fault.address + prefault_data.to_bytes_le().len() as u64,
+                )
+                .unwrap();
+            }
         }
     }
 

diff --git a/emulation_worker/unicorn b/emulation_worker/unicorn