Moving libafl related files in dedicating folders (#60)

* Restructuring of libafl dirs. Formatting + export of maps struct and functions.

* Fix wrong header path.

* Fix misc path
Romain Malmain 2024-04-11 16:45:36 +02:00 committed by GitHub
parent e99b9da658
commit 50b0c90e0a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
26 changed files with 113 additions and 95 deletions


@ -715,7 +715,7 @@ static inline void cpu_handle_debug_exception(CPUState *cpu)
//// --- Begin LibAFL code ---
#include "libafl_extras/exit.h"
#include "libafl/exit.h"
//// --- End LibAFL code ---


@ -37,7 +37,7 @@
//// --- Begin LibAFL code ---
#include "libafl_extras/exit.h"
#include "libafl/exit.h"
#ifndef CONFIG_USER_ONLY


@ -68,7 +68,7 @@
//// --- Begin LibAFL code ---
#include "libafl_extras/hook.h"
#include "libafl/hook.h"
//// --- End LibAFL code ---


@ -114,8 +114,8 @@ static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags,
//// --- Begin LibAFL code ---
#include "libafl_extras/exit.h"
#include "libafl_extras/hook.h"
#include "libafl/exit.h"
#include "libafl/hook.h"
#ifndef TARGET_LONG_BITS
#error "TARGET_LONG_BITS not defined"


@ -30,7 +30,7 @@
//// --- Begin LibAFL code ---
#ifdef CONFIG_SOFTMMU
#include "libafl_extras/syx-snapshot/syx-snapshot.h"
#include "libafl/syx-snapshot/syx-snapshot.h"
#endif
//// --- End LibAFL code ---


@ -45,8 +45,8 @@
//// --- Begin LibAFL code ---
#include "libafl_extras/exit.h"
#include "libafl_extras/hook.h"
#include "libafl/exit.h"
#include "libafl/hook.h"
static __thread GByteArray *libafl_qemu_mem_buf = NULL;


@ -14,7 +14,7 @@
#include "device-save.h"
#include "syx-cow-cache.h"
#include "../syx-misc.h"
#include "libafl/syx-misc.h"
#define SYX_SNAPSHOT_COW_CACHE_DEFAULT_CHUNK_SIZE 64
#define SYX_SNAPSHOT_COW_CACHE_DEFAULT_MAX_BLOCKS (1024 * 1024)

16
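--- a/include/libafl/user.h
+++ b/include/libafl/user.h
@@ -0,0 +1,16 @@
+#pragma once
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+struct libafl_mapinfo {
+target_ulong start;
+target_ulong end;
+target_ulong offset;
+const char* path;
+int flags;
+int is_priv;
+};
+IntervalTreeNode * libafl_maps_first(IntervalTreeRoot * map_info);
+IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret);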
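Review bot: The new header is not self-contained: it declares things in terms of `target_ulong`, `IntervalTreeNode` and `IntervalTreeRoot`, but the only includes are `qemu/osdep.h` and `qapi/error.h`, and nothing visible here uses `Error`. As written it builds only when the including file has already pulled in the interval-tree and target-long definitions, so a later include reorder in a consumer can break it. I would replace the `qapi/error.h` line with `#include "qemu/interval-tree.h"`, add the header that defines `target_ulong`, and drop `qemu/osdep.h` from the header, since QEMU's convention is that each .c file includes it first rather than getting it through another header.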


@ -1,4 +1,4 @@
#include "exit.h"
#include "libafl/exit.h"
#include "sysemu/runstate.h"
#include "cpu.h"


@ -4,8 +4,8 @@
#include "exec/exec-all.h"
#include "exec/tb-flush.h"
#include "hook.h"
#include "exit.h"
#include "libafl/hook.h"
#include "libafl/exit.h"
#ifndef TARGET_LONG_BITS
#error "TARGET_LONG_BITS not defined"
@ -48,7 +48,7 @@ size_t libafl_qemu_remove_hooks_at(target_ulong addr, int invalidate)
{
CPUState *cpu;
size_t r = 0;
size_t idx = LIBAFL_TABLES_HASH(addr);
struct libafl_hook** hk = &libafl_qemu_hooks[idx];
while (*hk) {
@ -74,7 +74,7 @@ int libafl_qemu_remove_hook(size_t num, int invalidate)
{
CPUState *cpu;
size_t idx;
for (idx = 0; idx < LIBAFL_TABLES_SIZE; ++idx) {
struct libafl_hook** hk = &libafl_qemu_hooks[idx];
while (*hk) {
@ -108,7 +108,7 @@ struct libafl_hook* libafl_search_hook(target_ulong addr)
}
hk = hk->next;
}
return NULL;
}
@ -158,12 +158,12 @@ int libafl_qemu_remove_##name##_hook(size_t num) \
}
static TCGHelperInfo libafl_exec_backdoor_hook_info = {
.func = NULL, .name = "libafl_exec_backdoor_hook",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0)
| dh_typemask(env, 1)
| dh_typemask(i64, 2)
| dh_typemask(tl, 3)
.func = NULL, .name = "libafl_exec_backdoor_hook",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0)
| dh_typemask(env, 1)
| dh_typemask(i64, 2)
| dh_typemask(tl, 3)
};
struct libafl_backdoor_hook* libafl_backdoor_hooks;
@ -178,27 +178,27 @@ size_t libafl_add_backdoor_hook(void (*exec)(uint64_t data, CPUArchState* cpu, t
hook->num = libafl_backdoor_hooks_num++;
hook->next = libafl_backdoor_hooks;
libafl_backdoor_hooks = hook;
memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
return hook->num;
}
GEN_REMOVE_HOOK(backdoor)
static TCGHelperInfo libafl_exec_edge_hook_info = {
.func = NULL, .name = "libafl_exec_edge_hook",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)
.func = NULL, .name = "libafl_exec_edge_hook",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)
};
struct libafl_edge_hook* libafl_edge_hooks;
size_t libafl_edge_hooks_num = 0;
size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, target_ulong dst),
void (*exec)(uint64_t data, uint64_t id),
uint64_t data)
void (*exec)(uint64_t data, uint64_t id),
uint64_t data)
{
CPUState *cpu;
CPU_FOREACH(cpu) {
@ -212,12 +212,12 @@ size_t libafl_add_edge_hook(uint64_t (*gen)(uint64_t data, target_ulong src, tar
hook->num = libafl_edge_hooks_num++;
hook->next = libafl_edge_hooks;
libafl_edge_hooks = hook;
if (exec) {
memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
}
return hook->num;
}
@ -262,12 +262,12 @@ size_t libafl_add_block_hook(uint64_t (*gen)(uint64_t data, target_ulong pc),
hook->num = libafl_block_hooks_num++;
hook->next = libafl_block_hooks;
libafl_block_hooks = hook;
if (exec) {
memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
}
return hook->num;
}
@ -343,12 +343,12 @@ struct libafl_rw_hook* libafl_read_hooks;
size_t libafl_read_hooks_num = 0;
size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp *addr, MemOpIdx oi),
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
uint64_t data)
void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
uint64_t data)
{
CPUState *cpu;
CPU_FOREACH(cpu) {
@ -366,7 +366,7 @@ size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, TCGT
hook->num = libafl_read_hooks_num++;
hook->next = libafl_read_hooks;
libafl_read_hooks = hook;
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_read_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
@ -387,7 +387,7 @@ size_t libafl_add_read_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, TCGT
memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo));
hook->helper_infoN.func = execN;
}
return hook->num;
}
@ -420,7 +420,7 @@ size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, TCG
hook->num = libafl_write_hooks_num++;
hook->next = libafl_write_hooks;
libafl_write_hooks = hook;
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_write_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
@ -441,7 +441,7 @@ size_t libafl_add_write_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, TCG
memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo));
hook->helper_infoN.func = execN;
}
return hook->num;
}
@ -464,7 +464,7 @@ static void libafl_gen_rw(TCGTemp *addr, MemOpIdx oi, struct libafl_rw_hook* hoo
if (info) {
TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
tcgv_i64_temp(tmp1),
addr };
tcg_gen_callN(info, NULL, tmp2);
@ -510,36 +510,36 @@ static TCGHelperInfo libafl_exec_cmp_hook1_info = {
.func = NULL, .name = "libafl_exec_cmp_hook1",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
};
static TCGHelperInfo libafl_exec_cmp_hook2_info = {
.func = NULL, .name = "libafl_exec_cmp_hook2",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
};
static TCGHelperInfo libafl_exec_cmp_hook4_info = {
.func = NULL, .name = "libafl_exec_cmp_hook4",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
| dh_typemask(i64, 2) | dh_typemask(tl, 3) | dh_typemask(tl, 4)
};
static TCGHelperInfo libafl_exec_cmp_hook8_info = {
.func = NULL, .name = "libafl_exec_cmp_hook8",
.flags = dh_callflag(void),
.typemask = dh_typemask(void, 0) | dh_typemask(i64, 1)
| dh_typemask(i64, 2) | dh_typemask(i64, 3) | dh_typemask(i64, 4)
| dh_typemask(i64, 2) | dh_typemask(i64, 3) | dh_typemask(i64, 4)
};
struct libafl_cmp_hook* libafl_cmp_hooks;
size_t libafl_cmp_hooks_num = 0;
size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_t size),
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
uint64_t data)
void (*exec1)(uint64_t data, uint64_t id, uint8_t v0, uint8_t v1),
void (*exec2)(uint64_t data, uint64_t id, uint16_t v0, uint16_t v1),
void (*exec4)(uint64_t data, uint64_t id, uint32_t v0, uint32_t v1),
void (*exec8)(uint64_t data, uint64_t id, uint64_t v0, uint64_t v1),
uint64_t data)
{
CPUState *cpu;
CPU_FOREACH(cpu) {
@ -556,7 +556,7 @@ size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_
hook->num = libafl_cmp_hooks_num++;
hook->next = libafl_cmp_hooks;
libafl_cmp_hooks = hook;
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_cmp_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
@ -573,7 +573,7 @@ size_t libafl_add_cmp_hook(uint64_t (*gen)(uint64_t data, target_ulong pc, size_
memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo));
hook->helper_info8.func = exec8;
}
return hook->num;
}
@ -583,20 +583,20 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
{
size_t size = 0;
switch (ot & MO_SIZE) {
case MO_64:
size = 8;
break;
case MO_32:
size = 4;
break;
case MO_16:
size = 2;
break;
case MO_8:
size = 1;
break;
default:
return;
case MO_64:
size = 8;
break;
case MO_32:
size = 4;
break;
case MO_16:
size = 2;
break;
case MO_8:
size = 1;
break;
default:
return;
}
struct libafl_cmp_hook* hook = libafl_cmp_hooks;
@ -646,7 +646,7 @@ size_t libafl_add_pre_syscall_hook(struct syshook_ret (*callback)(
hook->num = libafl_pre_syscall_hooks_num++;
hook->next = libafl_pre_syscall_hooks;
libafl_pre_syscall_hooks = hook;
return hook->num;
}
@ -664,7 +664,7 @@ size_t libafl_add_post_syscall_hook(target_ulong (*callback)(
hook->num = libafl_post_syscall_hooks_num++;
hook->next = libafl_post_syscall_hooks;
libafl_post_syscall_hooks = hook;
return hook->num;
}
@ -682,7 +682,7 @@ size_t libafl_add_new_thread_hook(bool (*callback)(uint64_t data, uint32_t tid),
hook->num = libafl_new_thread_hooks_num++;
hook->next = libafl_new_thread_hooks;
libafl_new_thread_hooks = hook;
return hook->num;
}
@ -700,14 +700,14 @@ void libafl_tcg_gen_asan(TCGTemp * addr, size_t size)
{
if (size == 0)
return;
TCGv addr_val = temp_tcgv_tl(addr);
TCGv k = tcg_temp_new();
TCGv shadow_addr = tcg_temp_new();
TCGv_ptr shadow_ptr = tcg_temp_new_ptr();
TCGv shadow_val = tcg_temp_new();
TCGv test_addr = tcg_temp_new();
TCGv_ptr test_ptr = tcg_temp_new_ptr();
TCGv_ptr test_ptr = tcg_temp_new_ptr();
tcg_gen_andi_tl(k, addr_val, 7);
tcg_gen_addi_tl(k, k, size - 1);


@ -3,7 +3,7 @@
#include "exec/exec-all.h"
#include "jit.h"
#include "libafl/jit.h"
#ifndef TARGET_LONG_BITS
#error "TARGET_LONG_BITS not defined"


@ -1,7 +1,13 @@
specific_ss.add(files(
'exit.c',
'hook.c',
'jit.c'
))
specific_ss.add(when: 'CONFIG_SOFTMMU', if_true: [files(
'syx-snapshot/device-save.c',
'syx-snapshot/syx-snapshot.c',
'syx-snapshot/syx-cow-cache.c',
'syx-snapshot/channel-buffer-writeback.c',
)])
specific_ss.add(files('exit.c', 'hook.c', 'jit.c'))


@ -1,7 +1,8 @@
#include "qemu/osdep.h"
#include "migration/qemu-file.h"
#include "channel-buffer-writeback.h"
#include "../syx-misc.h"
#include "libafl/syx-misc.h"
#include "libafl/syx-snapshot/channel-buffer-writeback.h"
QIOChannelBufferWriteback* qio_channel_buffer_writeback_new(size_t capacity, uint8_t* writeback_buf, size_t writeback_buf_capacity, size_t* writeback_buf_usage) {
assert(writeback_buf != NULL);


@ -1,11 +1,12 @@
#include "qemu/osdep.h"
#include "device-save.h"
#include "migration/qemu-file.h"
#include "io/channel-buffer.h"
#include "channel-buffer-writeback.h"
#include "migration/vmstate.h"
#include "qemu/main-loop.h"
#include "../syx-misc.h"
#include "libafl/syx-misc.h"
#include "libafl/syx-snapshot/channel-buffer-writeback.h"
#include "libafl/syx-snapshot/device-save.h"
#include "migration/savevm.h"


@ -1,4 +1,4 @@
#include "syx-cow-cache.h"
#include "libafl/syx-snapshot/syx-cow-cache.h"
#include "sysemu/block-backend.h"


@ -8,8 +8,8 @@
#include "exec/ram_addr.h"
#include "exec/exec-all.h"
#include "syx-snapshot.h"
#include "device-save.h"
#include "libafl/syx-snapshot/syx-snapshot.h"
#include "libafl/syx-snapshot/device-save.h"
#define SYX_SNAPSHOT_LIST_INIT_SIZE 4096
#define SYX_SNAPSHOT_LIST_GROW_FACTOR 2


@ -25,7 +25,7 @@
//// --- Begin LibAFL code ---
#include "libafl_extras/exit.h"
#include "libafl/exit.h"
//// --- End LibAFL code ---


@ -6522,7 +6522,7 @@ typedef struct {
//// --- Begin LibAFL code ---
#include "libafl_extras/hook.h"
#include "libafl/hook.h"
extern __thread CPUArchState *libafl_qemu_env;
@ -13672,22 +13672,16 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
//// --- Begin LibAFL code ---
struct libafl_mapinfo {
target_ulong start, end;
target_ulong offset;
const char* path;
int flags, is_priv;
};
IntervalTreeNode * libafl_maps_first(IntervalTreeRoot * map_info);
IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret);
#include "libafl/user.h"
IntervalTreeNode * libafl_maps_first(IntervalTreeRoot * map_info) {
return interval_tree_iter_first(map_info, 0, -1);
}
IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret) {
if (!node || !ret)
if (!node || !ret) {
return NULL;
}
MapInfo *e = container_of(node, MapInfo, itree);
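Review bot: With `struct libafl_mapinfo` now exported through `libafl/user.h`, `libafl_maps_next` hands callers outside this file a `const char *path` whose lifetime is stated nowhere. The visible part of the function obtains the entry with `container_of(node, MapInfo, itree)`, so `path` presumably points into that `MapInfo` and stays valid only while the map tree is alive; the rest of the body is outside this hunk, so that needs confirming against the full function. A comment above the definition such as `/* ret->path is borrowed from the MapInfo node; it must not be used after the map tree is freed */` would keep a caller from retaining a dangling pointer. It would also help to note there that `*ret` is left untouched when the function returns NULL for a NULL `node` or `ret`.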


@ -3256,7 +3256,7 @@ target_user_arch = {}
### LibAFL extras
subdir('libafl_extras')
subdir('libafl')
###############
# Trace files #