diff --git a/nyx/hypercall/debug.c b/nyx/hypercall/debug.c
index 5e55252380..b656421488 100644
--- a/nyx/hypercall/debug.c
+++ b/nyx/hypercall/debug.c
@@ -6,9 +6,11 @@
 #include "nyx/fast_vm_reload.h"
 #include "nyx/hypercall/debug.h"
+#include "nyx/memory_access.h"
 #include "nyx/state/state.h"
 #include "nyx/synchronization.h"
 #include "qapi/qapi-commands-dump.h"
+#include "exec/ram_addr.h"
 #ifdef NYX_DEBUG
 #define NYX_ENABLE_DEBUG_HYPERCALLS
@@ -52,6 +54,61 @@ static void meassure_performance(void)
 perf_counter++;
 }
+static void handle_hypercall_kafl_debug_virt_to_ram_offset(struct kvm_run *run,
+ CPUState *cpu,
+ uint64_t hypercall_arg)
+{
+ static bool once = true;
+ CPUX86State *env;
+ static uint64_t ram_block = 0;
+ RAMBlock *block;
+ if(once){
+ if (!fast_snapshot_exists(GET_GLOBAL_STATE()->reload_state,
+ REQUEST_ROOT_EXISTS))
+ {
+ request_fast_vm_reload(GET_GLOBAL_STATE()->reload_state,
+ REQUEST_SAVE_SNAPSHOT_ROOT);
+ }
+ QLIST_FOREACH_RCU (block, &ram_list.blocks, next) {
+ if (!memcmp(block->idstr, "pc.ram", 6)) {
+ ram_block = (uint64_t)block->host;
+ break;
+ }
+ }
+ assert(ram_block != 0);
+ once = false;
+ }
+ kvm_arch_get_registers_fast(cpu);
+ env = &(X86_CPU(cpu))->env;
+ uint64_t virt_addr = hypercall_arg & ~0xFFF;
+ uint64_t phys_addr = (hwaddr)get_paging_phys_addr(cpu, env->cr[3], virt_addr) & 0xFFFFFFFFFFFFF000ULL;
+ uint64_t phys_addr_ram_offset = address_to_ram_offset(phys_addr);
+ if(!(phys_addr_ram_offset < snapshot_page_blocklist_get_phys_area_size(get_fast_reload_snapshot()->blocklist))){
+ printf("virt: %lx\n", virt_addr);
+ printf("phys: %lx\n", phys_addr);
+ printf("ram_offset: %lx\n", phys_addr_ram_offset);
+ abort();
+ }
+ *((uint64_t*)(ram_block+phys_addr_ram_offset)) = virt_addr;
+ if(ram_offset_to_address(phys_addr_ram_offset) != phys_addr){
+ printf("phys: %lx\n", phys_addr);
+ printf("ram_offset_to_address(phys_addr_ram_offset): %lx\n", ram_offset_to_address(phys_addr_ram_offset));
+ abort();
+ }
+}
 void handle_hypercall_kafl_debug_tmp_snapshot(struct kvm_run *run,
 CPUState *cpu,
 uint64_t hypercall_arg)
@@ -105,7 +162,7 @@ void handle_hypercall_kafl_debug_tmp_snapshot(struct kvm_run *run,
 REQUEST_LOAD_SNAPSHOT_ROOT);
 break;
 }
- case 6:
+ case 6: // kcore debug hypercall
 nyx_warn_once("%s: perform kcore_dump!\n", __func__);
 bool in_fuzzing_mode_state = GET_GLOBAL_STATE()->in_fuzzing_mode;
 GET_GLOBAL_STATE()->in_fuzzing_mode = true;
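Review bot: The host-side store `*((uint64_t*)(ram_block+phys_addr_ram_offset)) = virt_addr;` is range-checked only against the blocklist's phys_area_size, but the pointer it indexes is the pc.ram RAMBlock's host mapping, and nothing in the hunk shows that those two sizes agree; a guest-chosen hypercall_arg whose translation lands between the two bounds would write past the block. Since `block` is already located in the once-block, also record its length there and reject the offset before dereferencing, e.g. `if (phys_addr_ram_offset >= ram_block_len) { abort(); }`, in addition to the existing blocklist check. The four `printf("...: %lx\n", ...)` calls pass uint64_t to %lx; use `PRIx64` and send the diagnostics to stderr (or the nyx_* logging this file already uses) so they are not lost in a buffered stdout before abort(). Minor: `memcmp(block->idstr, "pc.ram", 6)` is a prefix match, `strcmp(block->idstr, "pc.ram") == 0` pins the exact block, and `run` is unused in the new function.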
@@ -116,6 +173,9 @@ void handle_hypercall_kafl_debug_tmp_snapshot(struct kvm_run *run,
 }
 GET_GLOBAL_STATE()->in_fuzzing_mode = in_fuzzing_mode_state;
 break;
+ case 7: // virtual address to ramblock offset debug hypercall
+ handle_hypercall_kafl_debug_virt_to_ram_offset(run, cpu, hypercall_arg);
+ break;
 default:
 abort();
 }
diff --git a/nyx/snapshot/memory/block_list.c b/nyx/snapshot/memory/block_list.c
index d263d184fa..6746d519ce 100644
--- a/nyx/snapshot/memory/block_list.c
+++ b/nyx/snapshot/memory/block_list.c
@@ -16,6 +16,9 @@
 // #define DEBUG_NYX_SNAPSHOT_PAGE_BLOCKLIST
+uint64_t snapshot_page_blocklist_get_phys_area_size(snapshot_page_blocklist_t *self){
+ return self->phys_area_size;
+}
 snapshot_page_blocklist_t *snapshot_page_blocklist_init(void)
 {
diff --git a/nyx/snapshot/memory/block_list.h b/nyx/snapshot/memory/block_list.h
index 0f67b171e8..a29e8f9aef 100644
--- a/nyx/snapshot/memory/block_list.h
+++ b/nyx/snapshot/memory/block_list.h
@@ -32,3 +32,7 @@ static inline bool snapshot_page_blocklist_check_phys_addr(
 }
 snapshot_page_blocklist_t *snapshot_page_blocklist_init(void);
+
+#ifdef NYX_DEBUG
+uint64_t snapshot_page_blocklist_get_phys_area_size(snapshot_page_blocklist_t *self);
+#endif
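Review bot: `handle_hypercall_kafl_debug_virt_to_ram_offset(run, cpu, hypercall_arg)` forwards the same hypercall_arg that selected `case 7`; if the enclosing switch, which starts outside this hunk, dispatches on hypercall_arg as the small integer case labels suggest, the new handler always receives 7 and its `hypercall_arg & ~0xFFF` yields virt_addr 0, so no caller-chosen address is ever translated. If the address is meant to arrive in a second guest register, read that register explicitly here and pass it instead of the sub-command. A one-line comment at the case stating where the virtual address comes from would make the contract visible either way.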
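Review bot: The prototype of `snapshot_page_blocklist_get_phys_area_size` is wrapped in `#ifdef NYX_DEBUG` in block_list.h, but its definition in block_list.c earlier in this diff is unconditional, and debug.c only derives NYX_ENABLE_DEBUG_HYPERCALLS from NYX_DEBUG; if the caller in debug.c is compiled in non-debug builds (the hunk does not show whether that handler is itself gated) it would see no prototype and fall back to an implicit declaration. Either drop the guard, since the getter is a one-line accessor with no debug-only dependencies, or gate definition, declaration and caller on the same macro. A short doc comment on the declaration would also help, e.g. `/* Returns self->phys_area_size, the upper bound debug hypercalls use to range-check RAM offsets. */`.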