SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libafl_qemu: update qemu to v9.1.1 (#2636)

Browse Source 
* update qemu to v9.1.1

* adapting stuff to qemu 9.1

* fix for new qemu gen_callN and x86 decoder

* remove outdated qemu configuration option
This commit is contained in:
Romain Malmain 2024-10-31 17:54:37 +01:00 committed by GitHub
parent c86e116d9a
commit 6d55626a48
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
View File

@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
] } ] }
libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" } libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }
env_logger = "0.11.5"
log = { version = "0.4.22", features = ["release_max_level_info"] } log = { version = "0.4.22", features = ["release_max_level_info"] }
clap = { version = "4.5.18", features = ["default"] } clap = { version = "4.5.18", features = ["default"] }
nix = { version = "0.29.0", features = ["fs"] } nix = { version = "0.29.0", features = ["fs"] }

10
fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
View File

@ -171,10 +171,11 @@ fn fuzz(
logfile: PathBuf, logfile: PathBuf,
timeout: Duration, timeout: Duration,
) -> Result<(), Error> { ) -> Result<(), Error> {
env_logger::init();
env::remove_var("LD_LIBRARY_PATH"); env::remove_var("LD_LIBRARY_PATH");
let args: Vec<String> = env::args().collect(); let args: Vec<String> = env::args().collect();
let qemu = Qemu::init(&args).unwrap(); let qemu = Qemu::init(&args).expect("QEMU init failed");
// let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap(); // let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();
let mut elf_buffer = Vec::new(); let mut elf_buffer = Vec::new();
@ -197,7 +198,8 @@ fn fuzz(
let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap(); let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
let mut ret_addr = [0; 8]; let mut ret_addr = [0; 8];
unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) }; qemu.read_mem(stack_ptr, &mut ret_addr)
.expect("Error while reading QEMU memory.");
let ret_addr = u64::from_le_bytes(ret_addr); let ret_addr = u64::from_le_bytes(ret_addr);
println!("Stack pointer = {stack_ptr:#x}"); println!("Stack pointer = {stack_ptr:#x}");
@ -337,7 +339,7 @@ fn fuzz(
} }
unsafe { unsafe {
qemu.write_mem(input_addr, buf); qemu.write_mem_unchecked(input_addr, buf);
qemu.write_reg(Regs::Rdi, input_addr).unwrap(); qemu.write_reg(Regs::Rdi, input_addr).unwrap();
qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap(); qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
@ -397,7 +399,7 @@ fn fuzz(
println!("Failed to load initial corpus at {:?}", &seed_dir); println!("Failed to load initial corpus at {:?}", &seed_dir);
process::exit(0); process::exit(0);
}); });
println!("We imported {} inputs from disk.", state.corpus().count()); println!("We imported {} input(s) from disk.", state.corpus().count());
} }
let tracing = ShadowTracingStage::new(&mut executor); let tracing = ShadowTracingStage::new(&mut executor);

1
libafl_qemu/libafl_qemu_build/src/bindings.rs
View File

@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
#include "tcg/tcg.h" #include "tcg/tcg.h"
#include "tcg/tcg-op.h" #include "tcg/tcg-op.h"
#include "tcg/tcg-internal.h" #include "tcg/tcg-internal.h"
#include "exec/helper-head.h"
#include "qemu/plugin-memory.h" #include "qemu/plugin-memory.h"

6
libafl_qemu/libafl_qemu_build/src/build.rs
View File

@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge"; pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge"; pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
pub const QEMU_REVISION: &str = "c3c9c2128566ff325aa1a2bdcedde717f7d86e2c"; pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";
#[allow(clippy::module_name_repetitions)] #[allow(clippy::module_name_repetitions)]
pub struct BuildResult { pub struct BuildResult {
@ -158,7 +158,7 @@ fn configure_qemu(
.arg("--disable-linux-aio") .arg("--disable-linux-aio")
.arg("--disable-linux-io-uring") .arg("--disable-linux-io-uring")
.arg("--disable-linux-user") .arg("--disable-linux-user")
.arg("--disable-live-block-migration") // .arg("--disable-live-block-migration")
.arg("--disable-lzfse") .arg("--disable-lzfse")
.arg("--disable-lzo") .arg("--disable-lzo")
.arg("--disable-l2tpv3") .arg("--disable-l2tpv3")
@ -174,7 +174,7 @@ fn configure_qemu(
.arg("--disable-pa") .arg("--disable-pa")
.arg("--disable-parallels") .arg("--disable-parallels")
.arg("--disable-png") .arg("--disable-png")
.arg("--disable-pvrdma") // .arg("--disable-pvrdma")
.arg("--disable-qcow1") .arg("--disable-qcow1")
.arg("--disable-qed") .arg("--disable-qed")
.arg("--disable-qga-vss") .arg("--disable-qga-vss")