ahoeller / fies

QEMU-based fault injection

CPU injection - PC trigger issues #1

Open sonicpp opened 7 years ago

sonicpp commented 7 years ago

I am not able to change the instruction at a specific address (0x000082a8) to a new instruction (code: 0xe3530000). Here is my injection XML file:

<?xml version="1.0" encoding="UTF-8"?>
<injection>
    <fault>
        <id>1</id>
        <component>CPU</component>
        <target>INSTRUCTION EXECUTION</target>
        <mode>NEW VALUE</mode>
        <trigger>PC</trigger>
        <params> 
            <address>0x000082a8</address>
            <instruction>0xe3530000</instruction>
        </params>
    </fault>
</injection>

If I understand the PC trigger correctly, the address param is a pointer to the instruction location (the injection will be triggered when the program counter points to this address) and instruction is the instruction which will be placed at that code address. Unfortunately, I can't get it to work. I checked that the function _do_inject_look_up_errorarm (file fault-injection-injector.c) is called with the correct lockup_instruction, but the value in env->regs[15] did not change at all.
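As an added example (not FIES code and not from this issue's author), the following Python model spells out the PC-trigger semantics sonicpp describes: it parses the injection file above, converts the hex strings to integers so that `0x000082a8` and `0x82a8` compare equal, and substitutes the injected instruction only at the fetch whose PC matches. The memory contents and PC trace are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Copy of the injection file from the issue, embedded so the example runs offline.
INJECTION_XML = """<?xml version="1.0" encoding="UTF-8"?>
<injection>
    <fault>
        <id>1</id>
        <component>CPU</component>
        <target>INSTRUCTION EXECUTION</target>
        <mode>NEW VALUE</mode>
        <trigger>PC</trigger>
        <params>
            <address>0x000082a8</address>
            <instruction>0xe3530000</instruction>
        </params>
    </fault>
</injection>"""

# Constructed sample program: three ARM words and the order they are fetched in.
SAMPLE_MEMORY = {0x82a4: 0xe1a00000, 0x82a8: 0xe3a00001, 0x82ac: 0xe12fff1e}
SAMPLE_TRACE = [0x82a4, 0x82a8, 0x82ac]


def parse_faults(xml_text):
    """Return PC-triggered instruction faults as {address: instruction}.

    Hex strings are parsed with base 16, so differently padded spellings of the
    same address ("0x000082a8" vs "0x82a8") match; a string comparison would not.
    """
    faults = {}
    for fault in ET.fromstring(xml_text.encode("utf-8")).findall("fault"):
        if fault.findtext("trigger") != "PC":
            continue
        if fault.findtext("target") != "INSTRUCTION EXECUTION":
            continue
        params = fault.find("params")
        address = int(params.findtext("address").strip(), 16)
        instruction = int(params.findtext("instruction").strip(), 16)
        faults[address] = instruction
    return faults


def simulate_fetch(pc_trace, memory, faults):
    """Model the intended trigger: when PC equals a faulted address, the fetched
    word is replaced by the injected one; memory and PC itself are untouched.
    Returns a list of (pc, executed_instruction) pairs."""
    return [(pc, faults.get(pc, memory[pc])) for pc in pc_trace]


if __name__ == "__main__":
    for pc, insn in simulate_fetch(SAMPLE_TRACE, SAMPLE_MEMORY, parse_faults(INJECTION_XML)):
        print(f"pc={pc:#010x} executes {insn:#010x}")
```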

zwwxy commented 4 months ago

Hello, I have the same question. Changing trigger to ACCESS works, but it doesn't work on PC. Have you found the answer yet?