QEMU: Fix injections build for hexagon, disable on system mode (#1821)

* Fix CI for Clippy, QEMU * Clippy, fixes for system mode * clippy * clippy * fixing new clippy
2024-01-30 04:25:14 +01:00 · 2024-01-30 04:25:14 +01:00 · 244c6b0da5
commit 244c6b0da5
parent 07f9a9d06a
9 changed files with 32 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -67,4 +67,4 @@ libafl_nyx/packer
 # No llvm IR
 *.ll

-.tar.gz
+*.tar.gz
--- a/fuzzers/qemu_systemmode/src/fuzzer.rs
+++ b/fuzzers/qemu_systemmode/src/fuzzer.rs
@ -36,6 +36,7 @@ use libafl_qemu::{

 pub static mut MAX_INPUT_SIZE: usize = 50;

+#[allow(clippy::too_many_lines)]
 pub fn fuzz() {
    env_logger::init();

@ -56,12 +57,13 @@ pub fn fuzz() {
    )
    .unwrap();

-    let input_addr = elf
-        .resolve_symbol(
+    let input_addr = GuestPhysAddr::from(
+        elf.resolve_symbol(
            &env::var("FUZZ_INPUT").unwrap_or_else(|_| "FUZZ_INPUT".to_owned()),
            0,
        )
-        .expect("Symbol or env FUZZ_INPUT not found") as GuestPhysAddr;
+        .expect("Symbol or env FUZZ_INPUT not found"),
+    );
    println!("FUZZ_INPUT @ {input_addr:#x}");

    let main_addr = elf
@ -85,14 +87,14 @@ pub fn fuzz() {

        emu.set_breakpoint(main_addr);
        unsafe {
-            emu.run();
+            emu.run().unwrap();
        }
        emu.remove_breakpoint(main_addr);

        emu.set_breakpoint(breakpoint); // BREAKPOINT

        let devices = emu.list_devices();
-        println!("Devices = {:?}", devices);
+        println!("Devices = {devices:?}");

        // let saved_cpu_states: Vec<_> = (0..emu.num_cpus())
        //     .map(|i| emu.cpu_from_index(i).save_state())
@ -115,7 +117,7 @@ pub fn fuzz() {

                emu.write_phys_mem(input_addr, buf);

-                emu.run();
+                emu.run().unwrap();

                // If the execution stops at any point other then the designated breakpoint (e.g. a breakpoint on a panic method) we consider it a crash
                let mut pcs = (0..emu.num_cpus())
--- a/libafl/src/corpus/inmemory_ondisk.rs
+++ b/libafl/src/corpus/inmemory_ondisk.rs
@ -304,7 +304,7 @@ where

                // Try to create lock file for new testcases
                if OpenOptions::new()
-                    .create(true)
+                    .create_new(true)
                    .write(true)
                    .open(self.dir_path.join(new_lock_filename))
                    .is_err()
--- a/libafl_bolts/src/fs.rs
+++ b/libafl_bolts/src/fs.rs
@ -94,17 +94,17 @@ impl Clone for InputFile {

 #[cfg(feature = "std")]
 impl InputFile {
-    /// Creates a new [`InputFile`]
+    /// Creates a new [`InputFile`], or truncates if it already exists
    pub fn create<P>(filename: P) -> Result<Self, Error>
    where
        P: AsRef<Path>,
    {
        let f = OpenOptions::new()
+            .create(true)
            .read(true)
            .write(true)
-            .create(true)
+            .truncate(true)
            .open(&filename)?;
-        f.set_len(0)?;
        Ok(Self {
            path: filename.as_ref().to_owned(),
            file: f,
--- a/libafl_cc/build.rs
+++ b/libafl_cc/build.rs
@ -311,12 +311,12 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
    let mut cxxflags: Vec<String> = cxxflags.split_whitespace().map(String::from).collect();

    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
-        .map_or(Ok(2621440), str::parse)
+        .map_or(Ok(2_621_440), str::parse)
        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
    cxxflags.push(format!("-DLIBAFL_EDGES_MAP_SIZE={edges_map_size}"));

    let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
-        .map_or(Ok(65536), str::parse)
+        .map_or(Ok(65_536), str::parse)
        .expect("Could not parse LIBAFL_ACCOUNTING_MAP_SIZE");
    cxxflags.push(format!("-DLIBAFL_ACCOUNTING_MAP_SIZE={acc_map_size}"));

--- a/libafl_qemu/src/injections.rs
+++ b/libafl_qemu/src/injections.rs
@ -17,10 +17,16 @@ use hashbrown::HashMap;
 use libafl::{inputs::UsesInput, Error};
 use serde::{Deserialize, Serialize};

+#[cfg(not(cpu_target = "hexagon"))]
+use crate::SYS_execve;
 use crate::{
    elf::EasyElf, emu::ArchExtras, CallingConvention, Emulator, GuestAddr, Hook, QemuHelper,
-    QemuHelperTuple, QemuHooks, SYS_execve, SyscallHookResult,
+    QemuHelperTuple, QemuHooks, SyscallHookResult,
 };
+#[cfg(cpu_target = "hexagon")]
+/// Hexagon syscalls are not currently supported by the `syscalls` crate, so we just paste this here for now.
+/// <https://github.com/qemu/qemu/blob/11be70677c70fdccd452a3233653949b79e97908/linux-user/hexagon/syscall_nr.h#L230>
+const SYS_execve: u8 = 221;

 /// Parses `injections.yaml`
 fn parse_yaml<P: AsRef<Path> + Display>(path: P) -> Result<Vec<YamlInjectionEntry>, Error> {
--- a/libafl_qemu/src/lib.rs
+++ b/libafl_qemu/src/lib.rs
@ -82,9 +82,9 @@ pub mod cmplog;
 #[cfg(not(any(cpu_target = "mips", cpu_target = "hexagon")))]
 pub use cmplog::QemuCmpLogHelper;

-#[cfg(feature = "injections")]
+#[cfg(all(emulation_mode = "usermode", feature = "injections"))]
 pub mod injections;
-#[cfg(feature = "injections")]
+#[cfg(all(emulation_mode = "usermode", feature = "injections"))]
 pub use injections::QemuInjectionHelper;

 #[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
--- a/libafl_targets/build.rs
+++ b/libafl_targets/build.rs
@ -2,6 +2,9 @@

 use std::{env, fs::File, io::Write, path::Path};

+const TWO_MB: usize = 2_621_440;
+const SIXTY_FIVE_KB: usize = 65_536;
+
 #[allow(clippy::too_many_lines)]
 fn main() {
    let out_dir = env::var_os("OUT_DIR").unwrap();
@ -14,19 +17,19 @@ fn main() {
    let mut constants_file = File::create(dest_path).expect("Could not create file");

    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
-        .map_or(Ok(2621440), str::parse)
+        .map_or(Ok(TWO_MB), str::parse)
        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
    let cmp_map_size: usize = option_env!("LIBAFL_CMP_MAP_SIZE")
-        .map_or(Ok(65536), str::parse)
+        .map_or(Ok(SIXTY_FIVE_KB), str::parse)
        .expect("Could not parse LIBAFL_CMP_MAP_SIZE");
    let cmplog_map_w: usize = option_env!("LIBAFL_CMPLOG_MAP_W")
-        .map_or(Ok(65536), str::parse)
+        .map_or(Ok(SIXTY_FIVE_KB), str::parse)
        .expect("Could not parse LIBAFL_CMPLOG_MAP_W");
    let cmplog_map_h: usize = option_env!("LIBAFL_CMPLOG_MAP_H")
        .map_or(Ok(32), str::parse)
        .expect("Could not parse LIBAFL_CMPLOG_MAP_H");
    let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
-        .map_or(Ok(65536), str::parse)
+        .map_or(Ok(SIXTY_FIVE_KB), str::parse)
        .expect("Could not parse LIBAFL_ACCOUNTING_MAP_SIZE");

    write!(
--- a/libafl_targets/src/lib.rs
+++ b/libafl_targets/src/lib.rs
@ -13,8 +13,7 @@
    clippy::missing_panics_doc,
    clippy::missing_docs_in_private_items,
    clippy::module_name_repetitions,
-    clippy::unreadable_literal,
-    clippy::pub_underscore_fields
+    clippy::unreadable_literal
 )]
 #![cfg_attr(not(test), warn(
    missing_debug_implementations,