diff --git a/fuzzers/fuzzbench_qemu/Makefile b/fuzzers/fuzzbench_qemu/Makefile index 679c6d61f9..de10e631ce 100644 --- a/fuzzers/fuzzbench_qemu/Makefile +++ b/fuzzers/fuzzbench_qemu/Makefile @@ -33,7 +33,7 @@ target/$(BUILD_TARGET)/lib$(FUZZER_NAME).a: src/* qemu-libafl-bridge: git clone git@github.com:AFLplusplus/qemu-libafl-bridge.git - cd qemu-libafl-bridge && git checkout f71558480c336b51360e8d382b95c2bb753b785b + cd qemu-libafl-bridge && git checkout beb8bf68beac1f3b522dab9cda2d00d4a2912c5b build/config.status: qemu-libafl-bridge qemu-libafl-bridge/configure mkdir -p build diff --git a/libafl/src/executors/timeout.rs b/libafl/src/executors/timeout.rs index 701a707ba3..0f0629913c 100644 --- a/libafl/src/executors/timeout.rs +++ b/libafl/src/executors/timeout.rs @@ -72,8 +72,8 @@ impl TimeoutExecutor { tv_usec: 0, }; let itimerval = Itimerval { - it_value: it_value, - it_interval: it_interval, + it_value, + it_interval, }; Self { executor, diff --git a/libafl_qemu/src/amd64.rs b/libafl_qemu/src/amd64.rs index b2ac5278d2..28f64ef2ce 100644 --- a/libafl_qemu/src/amd64.rs +++ b/libafl_qemu/src/amd64.rs @@ -23,3 +23,706 @@ pub enum Amd64Regs { Rip = 16, Rflags = 17, } + +#[allow(non_upper_case_globals)] +pub const TARGET_NR_read: i32 = 0; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_write: i32 = 1; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_open: i32 = 2; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_close: i32 = 3; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_stat: i32 = 4; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fstat: i32 = 5; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lstat: i32 = 6; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_poll: i32 = 7; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lseek: i32 = 8; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mmap: i32 = 9; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mprotect: i32 = 10; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_munmap: i32 = 11; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_brk: i32 = 12; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigaction: i32 = 13; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigprocmask: i32 = 14; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigreturn: i32 = 15; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ioctl: i32 = 16; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pread64: i32 = 17; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pwrite64: i32 = 18; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_readv: i32 = 19; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_writev: i32 = 20; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_access: i32 = 21; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pipe: i32 = 22; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_select: i32 = 23; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_yield: i32 = 24; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mremap: i32 = 25; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_msync: i32 = 26; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mincore: i32 = 27; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_madvise: i32 = 28; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_shmget: i32 = 29; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_shmat: i32 = 30; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_shmctl: i32 = 31; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_dup: i32 = 32; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_dup2: i32 = 33; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pause: i32 = 34; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_nanosleep: i32 = 35; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getitimer: i32 = 36; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_alarm: i32 = 37; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setitimer: i32 = 38; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpid: i32 = 39; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sendfile: i32 = 40; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_socket: i32 = 41; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_connect: i32 = 42; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_accept: i32 = 43; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sendto: i32 = 44; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_recvfrom: i32 = 45; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sendmsg: i32 = 46; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_recvmsg: i32 = 47; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_shutdown: i32 = 48; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_bind: i32 = 49; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_listen: i32 = 50; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getsockname: i32 = 51; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpeername: i32 = 52; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_socketpair: i32 = 53; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setsockopt: i32 = 54; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getsockopt: i32 = 55; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clone: i32 = 56; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fork: i32 = 57; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_vfork: i32 = 58; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_execve: i32 = 59; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_exit: i32 = 60; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_wait4: i32 = 61; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_kill: i32 = 62; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_uname: i32 = 63; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_semget: i32 = 64; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_semop: i32 = 65; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_semctl: i32 = 66; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_shmdt: i32 = 67; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_msgget: i32 = 68; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_msgsnd: i32 = 69; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_msgrcv: i32 = 70; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_msgctl: i32 = 71; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fcntl: i32 = 72; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_flock: i32 = 73; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fsync: i32 = 74; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fdatasync: i32 = 75; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_truncate: i32 = 76; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ftruncate: i32 = 77; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getdents: i32 = 78; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getcwd: i32 = 79; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_chdir: i32 = 80; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fchdir: i32 = 81; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rename: i32 = 82; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mkdir: i32 = 83; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rmdir: i32 = 84; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_creat: i32 = 85; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_link: i32 = 86; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_unlink: i32 = 87; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_symlink: i32 = 88; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_readlink: i32 = 89; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_chmod: i32 = 90; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fchmod: i32 = 91; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_chown: i32 = 92; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fchown: i32 = 93; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lchown: i32 = 94; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_umask: i32 = 95; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_gettimeofday: i32 = 96; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getrlimit: i32 = 97; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getrusage: i32 = 98; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sysinfo: i32 = 99; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_times: i32 = 100; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ptrace: i32 = 101; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getuid: i32 = 102; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_syslog: i32 = 103; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getgid: i32 = 104; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setuid: i32 = 105; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setgid: i32 = 106; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_geteuid: i32 = 107; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getegid: i32 = 108; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setpgid: i32 = 109; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getppid: i32 = 110; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpgrp: i32 = 111; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setsid: i32 = 112; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setreuid: i32 = 113; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setregid: i32 = 114; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getgroups: i32 = 115; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setgroups: i32 = 116; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setresuid: i32 = 117; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getresuid: i32 = 118; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setresgid: i32 = 119; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getresgid: i32 = 120; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpgid: i32 = 121; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setfsuid: i32 = 122; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setfsgid: i32 = 123; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getsid: i32 = 124; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_capget: i32 = 125; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_capset: i32 = 126; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigpending: i32 = 127; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigtimedwait: i32 = 128; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigqueueinfo: i32 = 129; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_sigsuspend: i32 = 130; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sigaltstack: i32 = 131; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_utime: i32 = 132; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mknod: i32 = 133; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_uselib: i32 = 134; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_personality: i32 = 135; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ustat: i32 = 136; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_statfs: i32 = 137; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fstatfs: i32 = 138; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sysfs: i32 = 139; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpriority: i32 = 140; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setpriority: i32 = 141; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_setparam: i32 = 142; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_getparam: i32 = 143; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_setscheduler: i32 = 144; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_getscheduler: i32 = 145; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_get_priority_max: i32 = 146; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_get_priority_min: i32 = 147; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_rr_get_interval: i32 = 148; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mlock: i32 = 149; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_munlock: i32 = 150; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mlockall: i32 = 151; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_munlockall: i32 = 152; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_vhangup: i32 = 153; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_modify_ldt: i32 = 154; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pivot_root: i32 = 155; +#[allow(non_upper_case_globals)] +pub const TARGET_NR__sysctl: i32 = 156; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_prctl: i32 = 157; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_arch_prctl: i32 = 158; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_adjtimex: i32 = 159; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setrlimit: i32 = 160; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_chroot: i32 = 161; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sync: i32 = 162; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_acct: i32 = 163; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_settimeofday: i32 = 164; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mount: i32 = 165; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_umount2: i32 = 166; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_swapon: i32 = 167; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_swapoff: i32 = 168; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_reboot: i32 = 169; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sethostname: i32 = 170; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setdomainname: i32 = 171; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_iopl: i32 = 172; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ioperm: i32 = 173; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_create_module: i32 = 174; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_init_module: i32 = 175; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_delete_module: i32 = 176; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_get_kernel_syms: i32 = 177; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_query_module: i32 = 178; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_quotactl: i32 = 179; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_nfsservctl: i32 = 180; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getpmsg: i32 = 181; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_putpmsg: i32 = 182; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_afs_syscall: i32 = 183; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_tuxcall: i32 = 184; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_security: i32 = 185; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_gettid: i32 = 186; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_readahead: i32 = 187; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setxattr: i32 = 188; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lsetxattr: i32 = 189; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fsetxattr: i32 = 190; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getxattr: i32 = 191; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lgetxattr: i32 = 192; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fgetxattr: i32 = 193; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_listxattr: i32 = 194; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_llistxattr: i32 = 195; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_flistxattr: i32 = 196; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_removexattr: i32 = 197; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lremovexattr: i32 = 198; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fremovexattr: i32 = 199; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_tkill: i32 = 200; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_time: i32 = 201; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_futex: i32 = 202; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_setaffinity: i32 = 203; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_getaffinity: i32 = 204; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_set_thread_area: i32 = 205; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_setup: i32 = 206; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_destroy: i32 = 207; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_getevents: i32 = 208; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_submit: i32 = 209; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_cancel: i32 = 210; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_get_thread_area: i32 = 211; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_lookup_dcookie: i32 = 212; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_create: i32 = 213; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_ctl_old: i32 = 214; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_wait_old: i32 = 215; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_remap_file_pages: i32 = 216; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getdents64: i32 = 217; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_set_tid_address: i32 = 218; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_restart_syscall: i32 = 219; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_semtimedop: i32 = 220; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fadvise64: i32 = 221; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timer_create: i32 = 222; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timer_settime: i32 = 223; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timer_gettime: i32 = 224; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timer_getoverrun: i32 = 225; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timer_delete: i32 = 226; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clock_settime: i32 = 227; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clock_gettime: i32 = 228; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clock_getres: i32 = 229; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clock_nanosleep: i32 = 230; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_exit_group: i32 = 231; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_wait: i32 = 232; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_ctl: i32 = 233; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_tgkill: i32 = 234; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_utimes: i32 = 235; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_vserver: i32 = 236; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mbind: i32 = 237; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_set_mempolicy: i32 = 238; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_get_mempolicy: i32 = 239; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_open: i32 = 240; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_unlink: i32 = 241; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_timedsend: i32 = 242; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_timedreceive: i32 = 243; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_notify: i32 = 244; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mq_getsetattr: i32 = 245; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_kexec_load: i32 = 246; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_waitid: i32 = 247; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_add_key: i32 = 248; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_request_key: i32 = 249; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_keyctl: i32 = 250; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ioprio_set: i32 = 251; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ioprio_get: i32 = 252; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_inotify_init: i32 = 253; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_inotify_add_watch: i32 = 254; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_inotify_rm_watch: i32 = 255; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_migrate_pages: i32 = 256; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_openat: i32 = 257; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mkdirat: i32 = 258; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mknodat: i32 = 259; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fchownat: i32 = 260; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_futimesat: i32 = 261; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_newfstatat: i32 = 262; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_unlinkat: i32 = 263; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_renameat: i32 = 264; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_linkat: i32 = 265; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_symlinkat: i32 = 266; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_readlinkat: i32 = 267; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fchmodat: i32 = 268; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_faccessat: i32 = 269; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pselect6: i32 = 270; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_ppoll: i32 = 271; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_unshare: i32 = 272; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_set_robust_list: i32 = 273; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_get_robust_list: i32 = 274; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_splice: i32 = 275; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_tee: i32 = 276; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sync_file_range: i32 = 277; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_vmsplice: i32 = 278; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_move_pages: i32 = 279; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_utimensat: i32 = 280; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_pwait: i32 = 281; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_signalfd: i32 = 282; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timerfd_create: i32 = 283; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_eventfd: i32 = 284; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fallocate: i32 = 285; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timerfd_settime: i32 = 286; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_timerfd_gettime: i32 = 287; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_accept4: i32 = 288; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_signalfd4: i32 = 289; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_eventfd2: i32 = 290; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_epoll_create1: i32 = 291; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_dup3: i32 = 292; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pipe2: i32 = 293; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_inotify_init1: i32 = 294; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_preadv: i32 = 295; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pwritev: i32 = 296; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rt_tgsigqueueinfo: i32 = 297; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_perf_event_open: i32 = 298; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_recvmmsg: i32 = 299; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fanotify_init: i32 = 300; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fanotify_mark: i32 = 301; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_prlimit64: i32 = 302; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_name_to_handle_at: i32 = 303; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_open_by_handle_at: i32 = 304; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clock_adjtime: i32 = 305; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_syncfs: i32 = 306; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sendmmsg: i32 = 307; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_setns: i32 = 308; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getcpu: i32 = 309; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_process_vm_readv: i32 = 310; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_process_vm_writev: i32 = 311; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_kcmp: i32 = 312; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_finit_module: i32 = 313; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_setattr: i32 = 314; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_sched_getattr: i32 = 315; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_renameat2: i32 = 316; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_seccomp: i32 = 317; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_getrandom: i32 = 318; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_memfd_create: i32 = 319; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_kexec_file_load: i32 = 320; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_bpf: i32 = 321; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_execveat: i32 = 322; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_userfaultfd: i32 = 323; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_membarrier: i32 = 324; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_mlock2: i32 = 325; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_copy_file_range: i32 = 326; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_preadv2: i32 = 327; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pwritev2: i32 = 328; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pkey_mprotect: i32 = 329; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pkey_alloc: i32 = 330; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pkey_free: i32 = 331; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_statx: i32 = 332; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_pgetevents: i32 = 333; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_rseq: i32 = 334; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pidfd_send_signal: i32 = 424; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_uring_setup: i32 = 425; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_uring_enter: i32 = 426; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_io_uring_register: i32 = 427; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_open_tree: i32 = 428; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_move_mount: i32 = 429; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fsopen: i32 = 430; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fsconfig: i32 = 431; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fsmount: i32 = 432; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_fspick: i32 = 433; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pidfd_open: i32 = 434; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_clone3: i32 = 435; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_close_range: i32 = 436; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_openat2: i32 = 437; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_pidfd_getfd: i32 = 438; +#[allow(non_upper_case_globals)] +pub const TARGET_NR_faccessat2: i32 = 439; diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs index 1ef7e51604..8071ab95ae 100644 --- a/libafl_qemu/src/emu.rs +++ b/libafl_qemu/src/emu.rs @@ -7,6 +7,12 @@ use std::{mem::size_of, slice::from_raw_parts, str::from_utf8_unchecked}; pub const SKIP_EXEC_HOOK: u32 = u32::MAX; +#[repr(C)] +pub struct SyscallHookResult { + retval: u64, + skip_syscall: bool, +} + extern "C" { fn libafl_qemu_write_reg(reg: i32, val: *const u8) -> i32; fn libafl_qemu_read_reg(reg: i32, val: *mut u8) -> i32; @@ -38,6 +44,9 @@ extern "C" { static mut libafl_exec_cmp_hook4: unsafe extern "C" fn(u32, u32, u32); static mut libafl_exec_cmp_hook8: unsafe extern "C" fn(u32, u64, u64); static mut libafl_gen_cmp_hook: unsafe extern "C" fn(u64, u32) -> u32; + + static mut libafl_syscall_hook: + unsafe extern "C" fn(i32, u64, u64, u64, u64, u64, u64, u64, u64) -> SyscallHookResult; } #[derive(IntoPrimitive, TryFromPrimitive, Clone, Copy)] @@ -202,3 +211,9 @@ pub fn set_exec_cmp8_hook(hook: extern "C" fn(id: u32, v0: u64, v1: u64)) { pub fn set_gen_cmp_hook(hook: extern "C" fn(addr: u64, size: u32) -> u32) { unsafe { libafl_gen_cmp_hook = hook }; } + +pub fn set_syscall_hook( + hook: extern "C" fn(i32, u64, u64, u64, u64, u64, u64, u64, u64) -> SyscallHookResult, +) { + unsafe { libafl_syscall_hook = hook }; +} diff --git a/libafl_qemu/src/executor.rs b/libafl_qemu/src/executor.rs index 8d3e40da88..e2660c3304 100644 --- a/libafl_qemu/src/executor.rs +++ b/libafl_qemu/src/executor.rs @@ -12,6 +12,7 @@ use libafl::{ Error, }; +pub use crate::emu::SyscallHookResult; use crate::{emu, emu::SKIP_EXEC_HOOK}; static mut GEN_EDGE_HOOK_PTR: *const c_void = ptr::null(); @@ -131,6 +132,14 @@ where pub fn hook_cmp8_execution(&self, hook: extern "C" fn(id: u32, v0: u64, v1: u64)) { emu::set_exec_cmp8_hook(hook); } + + #[allow(clippy::unused_self)] + pub fn hook_syscalls( + &self, + hook: extern "C" fn(i32, u64, u64, u64, u64, u64, u64, u64, u64) -> SyscallHookResult, + ) { + emu::set_syscall_hook(hook); + } } impl<'a, EM, H, I, OT, S, Z> Executor for QemuExecutor<'a, H, I, OT, S> diff --git a/libafl_qemu/src/weaks.c b/libafl_qemu/src/weaks.c index beff45be65..66f6349dc3 100644 --- a/libafl_qemu/src/weaks.c +++ b/libafl_qemu/src/weaks.c @@ -1,5 +1,6 @@ #include #include +#include typedef int64_t abi_long; typedef uint64_t abi_ulong; @@ -70,3 +71,11 @@ __attribute__((weak)) void (*libafl_exec_cmp_hook2)(uint32_t, uint16_t, uint16_t __attribute__((weak)) void (*libafl_exec_cmp_hook4)(uint32_t, uint32_t, uint32_t); __attribute__((weak)) void (*libafl_exec_cmp_hook8)(uint32_t, uint64_t, uint64_t); __attribute__((weak)) uint32_t (*libafl_gen_cmp_hook)(uint64_t, uint32_t); + +struct syshook_ret { + uint64_t retval; + bool skip_syscall; +}; +__attribute__((weak)) struct syshook_ret (*libafl_syscall_hook)(int, uint64_t, + uint64_t, uint64_t, uint64_t, uint64_t, + uint64_t, uint64_t, uint64_t);