Fix GuestMaps in userspace LibAFL QEMU (#2013)

2024-04-08 08:30:23 +02:00 · 2024-04-08 08:30:23 +02:00 · e29897dd44
commit e29897dd44
parent 159da0d311
3 changed files with 16 additions and 17 deletions
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@ -8,7 +8,7 @@ use which::which;

 const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-const QEMU_REVISION: &str = "f282d6aef5e28421255293ebbb52d835281f2730";
+const QEMU_REVISION: &str = "821ad471430360c4eed644d07d59f0d603ef23f6";

 pub struct BuildResult {
    pub qemu_path: PathBuf,
--- a/libafl_qemu/libafl_qemu_sys/src/usermode.rs
+++ b/libafl_qemu/libafl_qemu_sys/src/usermode.rs
@ -18,7 +18,8 @@ extern_c_checked! {
    pub fn read_self_maps() -> *const c_void;
    pub fn free_self_maps(map_info: *const c_void);

-    pub fn libafl_maps_next(map_info: *const c_void, ret: *mut MapInfo) -> *const c_void;
+    pub fn libafl_maps_first(root: *const c_void) -> *const c_void;
+    pub fn libafl_maps_next(node: *const c_void, ret: *mut MapInfo, is_root: bool) -> *const c_void;

    pub static exec_path: *const u8;
    pub static guest_base: usize;
--- a/libafl_qemu/src/emu/usermode.rs
+++ b/libafl_qemu/src/emu/usermode.rs
@ -3,8 +3,9 @@ use std::{cell::OnceCell, slice::from_raw_parts, str::from_utf8_unchecked};

 use libafl_qemu_sys::{
    exec_path, free_self_maps, guest_base, libafl_dump_core_hook, libafl_force_dfl, libafl_get_brk,
-    libafl_load_addr, libafl_maps_next, libafl_qemu_run, libafl_set_brk, mmap_next_start,
-    read_self_maps, strlen, GuestAddr, GuestUsize, MapInfo, MmapPerms, VerifyAccess,
+    libafl_load_addr, libafl_maps_first, libafl_maps_next, libafl_qemu_run, libafl_set_brk,
+    mmap_next_start, read_self_maps, strlen, GuestAddr, GuestUsize, MapInfo, MmapPerms,
+    VerifyAccess,
 };
 use libc::c_int;

@ -23,8 +24,8 @@ pub enum HandlerError {
 }

 pub struct GuestMaps {
-    orig_c_iter: *const c_void,
-    c_iter: *const c_void,
+    maps_root: *const c_void,
+    maps_node: *const c_void,
 }

 // Consider a private new only for Emulator
@ -32,10 +33,11 @@ impl GuestMaps {
    #[must_use]
    pub(crate) fn new() -> Self {
        unsafe {
-            let maps = read_self_maps();
+            let root = read_self_maps();
+            let first = libafl_maps_first(root);
            Self {
-                orig_c_iter: maps,
-                c_iter: maps,
+                maps_root: root,
+                maps_node: first,
            }
        }
    }
@ -46,17 +48,13 @@ impl Iterator for GuestMaps {

    #[allow(clippy::uninit_assumed_init)]
    fn next(&mut self) -> Option<Self::Item> {
-        if self.c_iter.is_null() {
+        if self.maps_node.is_null() {
            return None;
        }
        unsafe {
            let mut ret = MaybeUninit::uninit();
-            self.c_iter = libafl_maps_next(self.c_iter, ret.as_mut_ptr());
-            if self.c_iter.is_null() {
-                None
-            } else {
-                Some(ret.assume_init())
-            }
+            self.maps_node = libafl_maps_next(self.maps_node, ret.as_mut_ptr(), false);
+            Some(ret.assume_init())
        }
    }
 }
@ -64,7 +62,7 @@ impl Iterator for GuestMaps {
 impl Drop for GuestMaps {
    fn drop(&mut self) {
        unsafe {
-            free_self_maps(self.orig_c_iter);
+            free_self_maps(self.maps_root);
        }
    }
 }