libafl_qemu: update qemu to v9.1.1 (#2636)

* update qemu to v9.1.1 * adapting stuff to qemu 9.1 * fix for new qemu gen_callN and x86 decoder * remove outdated qemu configuration option
2024-10-31 17:54:37 +01:00 · 2024-10-31 17:54:37 +01:00 · 6d55626a48
commit 6d55626a48
parent c86e116d9a
4 changed files with 10 additions and 8 deletions
--- a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
+++ b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
 ] }
 libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }

+env_logger = "0.11.5"
 log = { version = "0.4.22", features = ["release_max_level_info"] }
 clap = { version = "4.5.18", features = ["default"] }
 nix = { version = "0.29.0", features = ["fs"] }
--- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
@ -171,10 +171,11 @@ fn fuzz(
    logfile: PathBuf,
    timeout: Duration,
 ) -> Result<(), Error> {
+    env_logger::init();
    env::remove_var("LD_LIBRARY_PATH");

    let args: Vec<String> = env::args().collect();
-    let qemu = Qemu::init(&args).unwrap();
+    let qemu = Qemu::init(&args).expect("QEMU init failed");
    // let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();

    let mut elf_buffer = Vec::new();
@ -197,7 +198,8 @@ fn fuzz(

    let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
    let mut ret_addr = [0; 8];
-    unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) };
+    qemu.read_mem(stack_ptr, &mut ret_addr)
+        .expect("Error while reading QEMU memory.");
    let ret_addr = u64::from_le_bytes(ret_addr);

    println!("Stack pointer = {stack_ptr:#x}");
@ -337,7 +339,7 @@ fn fuzz(
            }

            unsafe {
-                qemu.write_mem(input_addr, buf);
+                qemu.write_mem_unchecked(input_addr, buf);

                qemu.write_reg(Regs::Rdi, input_addr).unwrap();
                qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
@ -397,7 +399,7 @@ fn fuzz(
                println!("Failed to load initial corpus at {:?}", &seed_dir);
                process::exit(0);
            });
-        println!("We imported {} inputs from disk.", state.corpus().count());
+        println!("We imported {} input(s) from disk.", state.corpus().count());
    }

    let tracing = ShadowTracingStage::new(&mut executor);
--- a/libafl_qemu/libafl_qemu_build/src/bindings.rs
+++ b/libafl_qemu/libafl_qemu_build/src/bindings.rs
@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-internal.h"
-#include "exec/helper-head.h"

 #include "qemu/plugin-memory.h"

--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@ -11,7 +11,7 @@ use crate::cargo_add_rpath;

 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "c3c9c2128566ff325aa1a2bdcedde717f7d86e2c";
+pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";

 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
@ -158,7 +158,7 @@ fn configure_qemu(
        .arg("--disable-linux-aio")
        .arg("--disable-linux-io-uring")
        .arg("--disable-linux-user")
-        .arg("--disable-live-block-migration")
+        // .arg("--disable-live-block-migration")
        .arg("--disable-lzfse")
        .arg("--disable-lzo")
        .arg("--disable-l2tpv3")
@ -174,7 +174,7 @@ fn configure_qemu(
        .arg("--disable-pa")
        .arg("--disable-parallels")
        .arg("--disable-png")
-        .arg("--disable-pvrdma")
+        // .arg("--disable-pvrdma")
        .arg("--disable-qcow1")
        .arg("--disable-qed")
        .arg("--disable-qga-vss")