From 5d6f07cc22fd8065a2df3ff11f756fc27b38f144 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Thu, 2 Dec 2021 21:43:28 +0100
Subject: [PATCH] add hypercall hander for KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT

---
 linux-headers/linux/kvm.h | 3 ++-
 nyx/hypercall.c | 14 +++++++++++++-
 nyx/memory_access.c | 2 +-
 nyx/memory_access.h | 2 ++
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index f9e47d9131..a2095ead24 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -299,7 +299,8 @@ struct kvm_hyperv_exit {
 #define KVM_EXIT_KAFL_DUMP_FILE 137
-#define HYPERCALL_KAFL_REQ_STREAM_DATA_BULK 138
+#define KVM_EXIT_KAFL_REQ_STREAM_DATA_BULK 138
+#define KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT 139
 #define KVM_CAP_NYX_PT 512
diff --git a/nyx/hypercall.c b/nyx/hypercall.c
index d11ad05383..2048bea2d4 100644
--- a/nyx/hypercall.c
+++ b/nyx/hypercall.c
@@ -1092,6 +1092,14 @@ static void handle_hypercall_kafl_dump_file(struct kvm_run *run, CPUState *cpu,
     }
 }
 
+static void handle_hypercall_kafl_persist_page_past_snapshot(struct kvm_run *run, CPUState *cpu, uint64_t hypercall_arg){
+    CPUX86State *env = &(X86_CPU(cpu))->env;
+    kvm_arch_get_registers_fast(cpu);
+    hwaddr phys_addr = (hwaddr) get_paging_phys_addr(cpu, env->cr[3], hypercall_arg&(~0xFFF));
+    assert(phys_addr != 0xffffffffffffffffULL);
+    fast_reload_blacklist_page(get_fast_reload_snapshot(), phys_addr);
+}
+
 int handle_kafl_hypercall(struct kvm_run *run, CPUState *cpu, uint64_t hypercall, uint64_t arg){
     int ret = -1;
     //fprintf(stderr, "%s -> %ld\n", __func__, hypercall);
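Review bot: The `assert(phys_addr != 0xffffffffffffffffULL)` in the new handler lets a guest-chosen argument abort the whole QEMU process: `hypercall_arg` is taken from the guest unvalidated, and when the page it names has no translation under the current cr[3] — presumably what the all-ones value signals, judging by this check — the emulator dies rather than the hypercall being refused. With NDEBUG defined the assert is compiled out entirely and the sentinel reaches fast_reload_blacklist_page unchecked. Prefer an explicit guard that reports and returns, e.g. `if (phys_addr == 0xffffffffffffffffULL) { fprintf(stderr, "%s: no mapping for guest address 0x%" PRIx64 "\n", __func__, hypercall_arg); return; }` (assuming <inttypes.h> is available in this file). As a minor point, `hypercall_arg&(~0xFFF)` relies on the int constant being sign-extended to 64 bits before the mask is applied; `~0xFFFULL` states the intent directly.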
@@ -1289,10 +1297,14 @@ int handle_kafl_hypercall(struct kvm_run *run, CPUState *cpu, uint64_t hypercall
             handle_hypercall_kafl_dump_file(run, cpu, arg);
             ret = 0;
             break;
-        case HYPERCALL_KAFL_REQ_STREAM_DATA_BULK:
+        case KVM_EXIT_KAFL_REQ_STREAM_DATA_BULK:
             handle_hypercall_kafl_req_stream_data_bulk(run, cpu, arg);
             ret = 0;
             break;
+        case KVM_EXIT_KAFL_PERSIST_PAGE_PAST_SNAPSHOT:
+            handle_hypercall_kafl_persist_page_past_snapshot(run, cpu, arg);
+            ret = 0;
+            break;
     }
     return ret;
 }
diff --git a/nyx/memory_access.c b/nyx/memory_access.c
index f1660b3e7e..4701a8005a 100644
--- a/nyx/memory_access.c
+++ b/nyx/memory_access.c
@@ -76,7 +76,7 @@ static void set_mem_mode(CPUState *cpu){
 }
 
 /* Warning: This might break memory handling for hypervisor fuzzing => FIXME LATER */
-static uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr){
+uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr){
     if(GET_GLOBAL_STATE()->mem_mode == mm_unkown){
         set_mem_mode(cpu);
     }
diff --git a/nyx/memory_access.h b/nyx/memory_access.h
index eec745f10e..0b260eddc5 100644
--- a/nyx/memory_access.h
+++ b/nyx/memory_access.h
@@ -34,6 +34,8 @@ along with QEMU-PT. If not, see .
 #define address_to_ram_offset(offset) (offset >= MEM_SPLIT_END ? (offset - MEM_SPLIT_END) + MEM_SPLIT_START : offset)
 #define ram_offset_to_address(offset) (offset >= MEM_SPLIT_START ? (offset - MEM_SPLIT_START) + MEM_SPLIT_END : offset)
+uint64_t get_paging_phys_addr(CPUState *cpu, uint64_t cr3, uint64_t addr);
+
 bool read_physical_memory(uint64_t address, uint8_t* data, uint32_t size, CPUState *cpu);
 bool write_physical_memory(uint64_t address, uint8_t* data, uint32_t size, CPUState *cpu);
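Review bot: Dropping `static` from get_paging_phys_addr in the nyx/memory_access.c hunk makes its failure contract part of the module interface, yet neither this definition nor the new prototype in the nyx/memory_access.h hunk says what the function returns when the guest page walk fails; the new caller in nyx/hypercall.c tests the result against 0xffffffffffffffffULL, so that sentinel is now relied upon across files without being documented anywhere. Suggest a comment on the header prototype along the lines of `/* Walks the guest page tables rooted at cr3 and returns the guest-physical address backing addr; the all-ones value is returned when no translation exists. */`, adjusting the wording if the actual sentinel differs, since the body of get_paging_phys_addr continues outside this hunk. The existing `/* Warning: This might break memory handling for hypervisor fuzzing => FIXME LATER */` above the definition should also be echoed at the declaration, as external callers will no longer see it.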