Python Binding: Not yet support UC_HOOK_TLB_FILL?

[DynamicLoader]

I'd installed version 2.1.1

When using hook_add, it just throw a exception. I digged into it and there is no impl of UC_HOOK_TLB_FILL.

        handlers: Mapping[int, Callable[[], Tuple]] = {
            uc.UC_HOOK_INTR               : __hook_intr,
            uc.UC_HOOK_INSN               : __hook_insn,
            uc.UC_HOOK_CODE               : __hook_code,
            uc.UC_HOOK_BLOCK              : __hook_code,
            uc.UC_HOOK_MEM_READ_UNMAPPED  : __hook_invalid_mem,
            uc.UC_HOOK_MEM_WRITE_UNMAPPED : __hook_invalid_mem,
            uc.UC_HOOK_MEM_FETCH_UNMAPPED : __hook_invalid_mem,
            uc.UC_HOOK_MEM_READ_PROT      : __hook_invalid_mem,
            uc.UC_HOOK_MEM_WRITE_PROT     : __hook_invalid_mem,
            uc.UC_HOOK_MEM_FETCH_PROT     : __hook_invalid_mem,
            uc.UC_HOOK_MEM_READ           : __hook_mem,
            uc.UC_HOOK_MEM_WRITE          : __hook_mem,
            uc.UC_HOOK_MEM_FETCH          : __hook_mem,
            # uc.UC_HOOK_MEM_READ_AFTER
            uc.UC_HOOK_INSN_INVALID       : __hook_invalid_insn,
            uc.UC_HOOK_EDGE_GENERATED     : __hook_edge_gen,
            uc.UC_HOOK_TCG_OPCODE         : __hook_tcg_opcode
        }

But the defination is in const...

[wtdcode]

@elicn Would you like to add this? Or I can also help.

[elicn]

Sure, let me look into this.

[DynamicLoader]

Great to hear that! I'd compile it and try, but something just wrong....
I had set tlb mode to virtual and register the callback, like below:

def hook_tlb_fill(uc : Uc, access, address, size, value, user_data):
    print(">>> TLB Fill at 0x%x, data size = %u" % (address, size))
    uc.ctl_flush_tb()

# <Some other init>

mu = Uc(UC_ARCH_RISCV, UC_MODE_64)
mu.ctl_set_tlb_mode(UC_TLB_VIRTUAL)
mu.hook_add(UC_HOOK_TLB_FILL, hook_tlb_fill)

# <some init of memory  and registers>

mu.emu_start(entry_point, code_end)

And it just throw:

Traceback (most recent call last):
  File "main.py", line 172, in <module>
    mu.emu_start(entry_point, code_end)
  File ".conda\Lib\site-packages\unicorn\unicorn_py3\unicorn.py", line 768, in emu_start
    raise UcError(status)
unicorn.unicorn_py3.unicorn.UcError: Unhandled CPU exception (UC_ERR_EXCEPTION)

What should I do, please?

[elicn]

What if you remove the hook? Is it still happening?

[DynamicLoader]

No, it only happens when VIRTUAL and hook set.

[PhilippTakacs]

Your hook doesn't return a mapping, so the emulation will cause a pagefault.

Also why do want to clean the translation buffer?

[DynamicLoader]

I just test to see if it's needed to clear. (Learned the function from the wiki). I dont get any doc about what should the function return....

[wtdcode]

You should have a check for this file: https://github.com/unicorn-engine/unicorn/blob/master/samples/sample_mmu.c

[DynamicLoader]

OK. But the problem seems to happen before the callback. It should call the callback at least one time, but i didnt see any output from the callback. I'd give a min PoC if needed.

[DynamicLoader]

I'd found the problem. Please see the comment on the commit here.

Also I used a wrong callback proto so it didn't get called. :-)

[elicn]

Ah, snap.. I missed this.
Let me push a fix later on today.

[DynamicLoader]

But there is still something strange. When I just set the paddr = vaddr and always return true in tlb callback, the first time it success and executed, but the second time it will throw UC_ERR_EXCEPTION. If not register the callback, all things go normally.

I wonder what does the default callback (lets said it, i didn't dig into the source code) do when set VIRTUAL but not registering an callback.

Edit: I had read the source code and it just set paddr to the page of vaddr directly, the same as what I do, if not registering the callback...

[PhilippTakacs]

But there is still something strange. When I just set the paddr = vaddr and always return true in tlb callback, the first time it success and executed, but the second time it will throw UC_ERR_EXCEPTION. If not register the callback, all things go normally.

Can you provide a full example for this behavior?