add hypercall hander for KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT

2021-12-02 21:43:28 +01:00 · 2021-12-02 21:43:28 +01:00 · 5d6f07cc22
commit 5d6f07cc22
parent cd702b528c
4 changed files with 18 additions and 3 deletions
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@ -299,7 +299,8 @@ struct kvm_hyperv_exit {

 #define KVM_EXIT_KAFL_DUMP_FILE 137

-#define HYPERCALL_KAFL_REQ_STREAM_DATA_BULK 138
+#define KVM_EXIT_KAFL_REQ_STREAM_DATA_BULK 138
+#define KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT 139


 #define KVM_CAP_NYX_PT 512
--- a/nyx/hypercall.c
+++ b/nyx/hypercall.c
@ -1092,6 +1092,14 @@ static void handle_hypercall_kafl_dump_file(struct kvm_run *run, CPUState *cpu,
 	}
 }

+static void handle_hypercall_kafl_persist_page_past_snapshot(struct kvm_run *run, CPUState *cpu, uint64_t hypercall_arg){
+	CPUX86State *env = &(X86_CPU(cpu))->env;
+	kvm_arch_get_registers_fast(cpu);
+	hwaddr phys_addr = (hwaddr) get_paging_phys_addr(cpu, env->cr[3], hypercall_arg&(~0xFFF));
+	assert(phys_addr != 0xffffffffffffffffULL);
+	fast_reload_blacklist_page(get_fast_reload_snapshot(), phys_addr);
+}
+
 int handle_kafl_hypercall(struct kvm_run *run, CPUState *cpu, uint64_t hypercall, uint64_t arg){
 	int ret = -1;
 	//fprintf(stderr, "%s -> %ld\n", __func__, hypercall);
@ -1289,10 +1297,14 @@ int handle_kafl_hypercall(struct kvm_run *run, CPUState *cpu, uint64_t hypercall
 			handle_hypercall_kafl_dump_file(run, cpu, arg);
 			ret = 0;
 			break;
-		case HYPERCALL_KAFL_REQ_STREAM_DATA_BULK:
+		case KVM_EXIT_KAFL_REQ_STREAM_DATA_BULK:
 			handle_hypercall_kafl_req_stream_data_bulk(run, cpu, arg);
 			ret = 0;
 			break;
+		case KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT:
+			handle_hypercall_kafl_persist_page_past_snapshot(run, cpu, arg);
+			ret = 0;
+			break;
 	}
 	return ret;
 }
--- a/nyx/memory_access.c
+++ b/nyx/memory_access.c
@ -76,7 +76,7 @@ static void set_mem_mode(CPUState *cpu){
 }

 /*  Warning: This might break memory handling for hypervisor fuzzing => FIXME LATER */
-static uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr){
+uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr){
    if(GET_GLOBAL_STATE()->mem_mode == mm_unkown){
        set_mem_mode(cpu);
    }
--- a/nyx/memory_access.h
+++ b/nyx/memory_access.h
@ -34,6 +34,8 @@ along with QEMU-PT.  If not, see <http://www.gnu.org/licenses/>.
 #define address_to_ram_offset(offset)  (offset >= MEM_SPLIT_END ? (offset - MEM_SPLIT_END) + MEM_SPLIT_START : offset)
 #define ram_offset_to_address(offset)  (offset >= MEM_SPLIT_START ? (offset - MEM_SPLIT_START) + MEM_SPLIT_END : offset)

+uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr);
+
 bool read_physical_memory(uint64_t address, uint8_t* data, uint32_t size, CPUState *cpu);
 bool write_physical_memory(uint64_t address, uint8_t* data, uint32_t size, CPUState *cpu);