selfmod code in aarch64 platform

[kevin kuai]

Hi, I made some experiments to use Dynamorio to trace java application on Linux aarch64. I got some problems in self mod code flushing.

From log, I find Dynamorio try flush selfmod fragment with wrong begin/end value. These values are not related and end is smaller than begin.

I enable the hw_cache_consistency option, it looks Dynamorio detect self modify behavior in signal handler when application try to write on executable area. And in dispatch_enter_dynomiro(), the begin/end value is from spilled r2 and r3. I don't find the code to set them in signal handler. So I don't know how to check them.

In aarch64.asm, I found r2/r3 are set when mangle icache flush instructions. But I found they are not touched no matter I enable or disable hw_cache_consistency. How can I make them work?

Thanks,

Kevin

[assad.hashm...@gmail.com]

Hi Kevin,

Do you have a small test case which exhibits this behaviour?

Thanks

[Derek Bruening]

Please also elaborate with details such as log and code snippets as it is not clear what r2 and r3 you are referring to and what signal handler (detecting modified code using a signal would not normally happen on aarch64: are you referring to x86?).

--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/b56a885d-698e-44d3-a5f0-13ed5e94262bn%40googlegroups.com.

[kevin kuai]

I just find the cause why Dynamorio can not get the range of modified code.

Without hw_cache_consistency option, Dynamorio will mangle "ic ivau" and "isb" to handle self modify code. Dynamorio can get the modified address from "ic ivau" instruction. In hotspot jvm , it uses gcc __builtin___clear_cache() to flush icache. It will skip "ic ivau" for new architecture. The code is like https://github.com/gcc-mirror/gcc/blob/releases/gcc-10/libgcc/config/aarch64/sync-cache.c . 

/* If CTR_EL0.DIC is enabled, Instruction cache cleaning to the Point of
Unification is not required for instruction to data coherence. */

My test platform is armv9, so this instruction is not executed.

I modified jvm to use the old implementation. Now Dynamorio can get the range.

It looks hw_cache_consistency should be enabled for this architecture, I'm not sure if it works well on aarch64.

Kevin

[kevin kuai]

Hi Derek,

  I add an issue to track, https://github.com/DynamoRIO/dynamorio/issues/5771 .

  I will try fix it by hacking the result of "mrs ct_el0", so builtin clear cache can execute "ic ivau". Do you think it's a good idea.

Thanks,

Kevin

[Derek Bruening]

I don't think there's an existing issue on this: could you file one in the tracker?  If you're interested in working on adding this support that would be appreciated.

To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/66a691fb-d1cb-4c2a-a161-46cb95c372d8n%40googlegroups.com.

[Derek Bruening]

On Fri, Dec 2, 2022 at 8:10 AM kevin kuai <kuai...@gmail.com> wrote:

Hi Derek,

  I add an issue to track, https://github.com/DynamoRIO/dynamorio/issues/5771 . 

  I will try fix it by hacking the result of "mrs ct_el0", so builtin clear cache can execute "ic ivau". Do you think it's a good idea.

This does seem like a reasonable workaround for now, for cases where DR runs the entire application (it won't work for attaching mid-run though since the CTR_EL0 value is typically queried once and cached at startup/first use).

 

To view this discussion on the web visit https://groups.google.com/d/msgid/dynamorio-users/38166698-3840-4417-8091-b73180df5f52n%40googlegroups.com.