save edges after interrupts

2022-04-06 21:16:15 +02:00 · 2022-04-06 21:16:15 +02:00 · ff823f26ff
commit ff823f26ff
parent 80af255c2e
2 changed files with 21 additions and 0 deletions
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@ -868,6 +868,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
 TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
                                  target_ulong dst_block, target_ulong cs_base,
                                  uint32_t flags, int cflags);
 void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block);
 //// --- End LibAFL code ---
@ -970,6 +971,11 @@ int cpu_exec(CPUState *cpu)
                 */
                qatomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb);
            }
            //// --- Begin LibAFL code ---
            if (!last_tb) {
                libafl_exec_edge_one_off(0, tb->pc);
            }
            //// --- End LibAFL code ---
 #ifndef CONFIG_USER_ONLY
            /*
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@ -68,6 +68,7 @@
 #include "exec/helper-head.h"
 void libafl_helper_table_add(TCGHelperInfo* info);
 void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block);
 TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
                                  target_ulong dst_block, target_ulong cs_base,
                                  uint32_t flags, int cflags);
@ -1770,6 +1771,20 @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
 }
 //// --- Begin LibAFL code ---
 void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block)
 {
    uint32_t libafl_id = 0;
    if (libafl_gen_edge_hook)
        libafl_id = libafl_gen_edge_hook((uint64_t)src_block, (uint64_t)dst_block);
    if (!libafl_exec_edge_hook || libafl_id == (uint32_t)-1)
        return;
    if (!exec_edge_hook_added) {
        exec_edge_hook_added = 1;
        libafl_exec_edge_hook_info.func = libafl_exec_edge_hook;
        libafl_helper_table_add(&libafl_exec_edge_hook_info);
    }
    libafl_exec_edge_hook(libafl_id);
 }
 /* Called with mmap_lock held for user mode emulation.  */
 TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,