Merge branch 'main' of github.com:AFLplusplus/qemu-libafl-bridge into main

linux-user/elfload.c

@@ -2240,7 +2240,25 @@ static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
     }
 
     if (host_start < host_map_start) {
+        //// --- Begin LibAFL code ---
+        /* We are doing a memset to a destination that might not be writable.
+           Temporary change permissions and restore below. */
+        int tmp_prot = prot;
+        if(!(tmp_prot & PROT_WRITE)) {
+            tmp_prot ^= PROT_WRITE;
+            mprotect((void *)(host_map_start - qemu_real_host_page_size()),
+                              qemu_real_host_page_size(), tmp_prot);
+        }
+        //// --- End LibAFL code ---
+
         memset((void *)host_start, 0, host_map_start - host_start);
+
+        //// --- Begin LibAFL code ---
+        if(tmp_prot != prot) {
+            mprotect((void *)(host_map_start - qemu_real_host_page_size()),
+                              qemu_real_host_page_size(), prot);
+        }
+        //// --- End LibAFL code ---
     }
 }
 
@@ -3049,6 +3067,10 @@ static void load_elf_image(const char *image_name, int image_fd,
                 loaddr = a;
             }
             a = eppnt->p_vaddr + eppnt->p_memsz - 1;
+            //// --- Begin LibAFL code ---
+            /* Fix a case where eppnt->p_memsz is zero */
+            if(eppnt->p_memsz == 0) a++;
+            //// --- End LibAFL code ---
             if (a > hiaddr) {
                 hiaddr = a;
             }
@@ -3201,6 +3223,15 @@ static void load_elf_image(const char *image_name, int image_fd,
 
     for (i = 0; i < ehdr->e_phnum; i++) {
         struct elf_phdr *eppnt = phdr + i;
+
+        //// --- Begin LibAFL code ---
+        #ifdef TARGET_HEXAGON
+        /* Encountered cases where p_type was PT_NULL
+           but the segment should still be loaded. */
+        if((eppnt->p_type == PT_NULL) && eppnt->p_vaddr) eppnt->p_type = PT_LOAD;
+        #endif
+        //// --- End LibAFL code ---
+
         if (eppnt->p_type == PT_LOAD) {
             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em, vaddr_len;
             int elf_prot = 0;
@@ -3598,6 +3629,10 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
         exit(-1);
     }
 
+    //// --- Begin LibAFL code ---
+    if(elf_interpreter && !elf_interpreter[0]) elf_interpreter = NULL;
+    //// --- End LibAFL code ---
+
     if (elf_interpreter) {
         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
 

linux-user/hexagon/cpu_loop.c

@@ -33,12 +33,29 @@ void cpu_loop(CPUHexagonState *env)
     target_ulong ret;
 
     for (;;) {
+
+//// --- Begin LibAFL code ---
+
+        if (libafl_qemu_break_asap) return;
+
+//// --- End LibAFL code ---
+
         cpu_exec_start(cs);
         trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         process_queued_cpu_work(cs);
 
         switch (trapnr) {
+
+//// --- Begin LibAFL code ---
+
+#define EXCP_LIBAFL_BP 0xf4775747
+
+        case EXCP_LIBAFL_BP:
+            return;
+
+//// --- End LibAFL code ---
+
         case EXCP_INTERRUPT:
             /* just indicate that signals should be handled asap */
             break;

target/hexagon/cpu-param.h

@@ -18,7 +18,16 @@
 #ifndef HEXAGON_CPU_PARAM_H
 #define HEXAGON_CPU_PARAM_H
 
-#define TARGET_PAGE_BITS 16     /* 64K pages */
+//// --- Begin LibAFL code ---
+
+/* Binaries that assume 4k page size were observed.
+   Unless TARGET_PAGE_BITS is reduced, Qemu elf loader
+   will error out for such binaries. */
+//#define TARGET_PAGE_BITS 16     /* 64K pages */
+#define TARGET_PAGE_BITS 12     /* 4K pages */
+
+//// --- End LibAFL code ---
+
 #define TARGET_LONG_BITS 32
 
 #define TARGET_PHYS_ADDR_SPACE_BITS 36