Introduce libafl_breakpoint_cpu

accel/tcg/tcg-runtime.c

@@ -128,13 +128,16 @@ void libafl_load_qemu_snapshot(char *name, bool sync)
 
 int libafl_qemu_break_asap = 0;
 
+CPUState* libafl_breakpoint_cpu;
+
 void libafl_qemu_trigger_breakpoint(CPUState* cpu);
 
 void libafl_qemu_trigger_breakpoint(CPUState* cpu)
 {
 #ifndef CONFIG_USER_ONLY
-    qemu_system_debug_request();
+    libafl_breakpoint_cpu = cpu;
     cpu->stopped = true;
+    qemu_system_debug_request();
 #else
     if (cpu->running) {
         cpu->exception_index = EXCP_LIBAFL_BP;

cpu.c

@@ -98,6 +98,8 @@ int libafl_qemu_remove_hook(size_t num, int invalidate);
 struct libafl_hook* libafl_search_hook(target_ulong addr);
 void libafl_flush_jit(void);
 
+extern CPUState* libafl_breakpoint_cpu;
+
 /*
 void* libafl_qemu_g2h(CPUState *cpu, target_ulong x);
 target_ulong libafl_qemu_h2g(CPUState *cpu, void* x);
@@ -149,6 +151,11 @@ int libafl_qemu_num_cpus(void)
 
 CPUState* libafl_qemu_current_cpu(void)
 {
+#ifndef CONFIG_USER_ONLY
+    if (current_cpu == NULL) {
+        return libafl_breakpoint_cpu;
+    }
+#endif
     return current_cpu;
 }
 

softmmu/cpus.c

@@ -717,8 +717,21 @@ int vm_prepare_start(bool step_pending)
     return 0;
 }
 
+//// --- Begin LibAFL code ---
+
+extern CPUState* libafl_breakpoint_cpu;
+
+//// --- End LibAFL code ---
+
 void vm_start(void)
 {
+
+//// --- Begin LibAFL code ---
+
+    libafl_breakpoint_cpu = NULL; // Rely on current_cpu in the hooks
+
+//// --- End LibAFL code ---
+
     if (!vm_prepare_start(false)) {
         resume_all_vcpus();
     }